CVE-2025-42936 | THREATINT

Description

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability.

PUBLISHED Reserved 2025-04-16 | Published 2025-08-12 | Updated 2025-08-13 | Assigner sap

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-266: Incorrect Privilege Assignment

Product status

Default status

unaffected

SAP_BASIS 700

affected

SAP_BASIS 701

affected

SAP_BASIS 702

affected

SAP_BASIS 731

affected

SAP_BASIS 740

affected

SAP_BASIS 750

affected

SAP_BASIS 751

affected

SAP_BASIS 752

affected

SAP_BASIS 753

affected

SAP_BASIS 754

affected

SAP_BASIS 755

affected

SAP_BASIS 756

affected

SAP_BASIS 757

affected

SAP_BASIS 758

affected

SAP_BASIS 816

affected

References

me.sap.com/notes/3602656

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42936)

nvd.nist.gov (CVE-2025-42936)

Download JSON