CVE-2025-0066

Summary

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 700affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 701affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 702affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 731affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 740affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 750affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 751affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 752affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 753affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 754affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 755affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 756affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 757affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 758affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 912affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 913affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)SAP_BASIS 914affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References