CVE-2025-23193

Summary

SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data modification and has no impact on server availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 700affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 701affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 702affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 731affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 740affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 750affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 751affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 752affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 753affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 754affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 755affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 756affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 757affected
SAP_SESAP NetWeaver Server ABAPSAP_BASIS 758affected

Weaknesses

  • CWE-204: CWE-204: Observable Response Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References