CVE-2025-30015

Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

CVSS 4.1 MEDIUMEPSS 0.2%CWE-787

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 abr 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Productos afectados

SAP_SE · SAP NetWeaver and ABAP Platform (Application Server ABAP)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://me.sap.com/notes/3565944 https://url.sap/sapsecuritypatchday