CVE-2025-0068

Summary

An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability on the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 700affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 701affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 702affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 731affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 758affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References