← volver
CVE-2025-42882

Missing Authorization check in SAP NetWeaver Application Server for ABAP

CVSS 4.3 MEDIUMEPSS 0.2%CWE-862
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 nov 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system could further assist this attacker to plan subsequent attacks. As a result, this vulnerability has a low impact on confidentiality, with no impact on the integrity or availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
SAP_SE · SAP NetWeaver Application Server for ABAP

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3643337https://url.sap/sapsecuritypatchday