CVE-2025-42953
Missing Authorization check in SAP NetWeaver Application Server for ABAP
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
08 jul 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Productos afectados
SAP_SE · SAP NetWeaver Application Server for ABAP¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →