CVE-2025-0070

Summary

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server for ABAP and ABAP PlatformKRNL64NUC 7.22affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.22EXTaffected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP PlatformKRNL64UC 7.22affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.53affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform8.04affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP PlatformKERNEL 7.22affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.54affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.77affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.89affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.93affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.97affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform9.12affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform9.13affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform9.14affected

Weaknesses

  • CWE-287: CWE-287: (Improper Authentication)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References