
Description

SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises confidentiality.

PUBLISHED Reserved 2025-03-27 | Published 2025-04-08 | Updated 2025-04-08 | Assigner sap




MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-863: Incorrect Authorization

Product status

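Default status: unaffected

SAP_ABA 700: affected
SAP_ABA 701: affected
SAP_ABA 702: affected
SAP_ABA 731: affected
SAP_ABA 740: affected
SAP_ABA 750: affected
SAP_ABA 751: affected
SAP_ABA 752: affected
SAP_ABA 75C: affected
SAP_ABA 75D: affected
SAP_ABA 75E: affected
SAP_ABA 75F: affected
SAP_ABA 75G: affected
SAP_ABA 75H: affected
SAP_ABA 75I: affected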

References

me.sap.com/notes/3577131

url.sap/sapsecuritypatchday

cve.org (CVE-2025-31331)

nvd.nist.gov (CVE-2025-31331)
