CVE-2025-0058

Summary

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business Workflow and SAP Flexible WorkflowSAP_BASIS 753affected
SAP_SESAP Business Workflow and SAP Flexible WorkflowSAP_BASIS 754affected
SAP_SESAP Business Workflow and SAP Flexible WorkflowSAP_BASIS 755affected
SAP_SESAP Business Workflow and SAP Flexible WorkflowSAP_BASIS 756affected
SAP_SESAP Business Workflow and SAP Flexible WorkflowSAP_BASIS 757affected
SAP_SESAP Business Workflow and SAP Flexible WorkflowSAP_BASIS 758affected
SAP_SESAP Business Workflow and SAP Flexible WorkflowSAP_BASIS 912affected
SAP_SESAP Business Workflow and SAP Flexible WorkflowSAP_BASIS 913affected
SAP_SESAP Business Workflow and SAP Flexible WorkflowSAP_BASIS 914affected

Weaknesses

  • CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References