Home

Description

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on application's availability.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-09 | Updated 2025-12-09 | Assigner sap




MEDIUM: 5.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

SAP_BASIS 752
affected

SAP_BASIS 753
affected

SAP_BASIS 754
affected

SAP_BASIS 755
affected

SAP_BASIS 756
affected

SAP_BASIS 757
affected

SAP_BASIS 758
affected

SAP_BASIS 816
affected

References

me.sap.com/notes/3659117

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42891)

nvd.nist.gov (CVE-2025-42891)

Download JSON