Home

Description

Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-08 | Updated 2025-07-08 | Assigner sap




MEDIUM: 4.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

SAP_BASIS 700
affected

SAP_BASIS 701
affected

SAP_BASIS 702
affected

SAP_BASIS 731
affected

SAP_BASIS 740
affected

SAP_BASIS 750
affected

SAP_BASIS 751
affected

SAP_BASIS 752
affected

SAP_BASIS 753
affected

SAP_BASIS 754
affected

SAP_BASIS 755
affected

SAP_BASIS 756
affected

SAP_BASIS 757
affected

SAP_BASIS 758
affected

SAP_BASIS 816
affected

References

me.sap.com/notes/3610322

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42961)

nvd.nist.gov (CVE-2025-42961)

Download JSON