CVE-2025-24872

Summary

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact on the confidentiality of the application with no effect on the integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP ABAP Platform (ABAP Build Framework)SAP_BASIS 750affected
SAP_SESAP ABAP Platform (ABAP Build Framework)SAP_BASIS 751affected
SAP_SESAP ABAP Platform (ABAP Build Framework)SAP_BASIS 752affected
SAP_SESAP ABAP Platform (ABAP Build Framework)SAP_BASIS 753affected
SAP_SESAP ABAP Platform (ABAP Build Framework)SAP_BASIS 754affected
SAP_SESAP ABAP Platform (ABAP Build Framework)SAP_BASIS 755affected
SAP_SESAP ABAP Platform (ABAP Build Framework)SAP_BASIS 756affected
SAP_SESAP ABAP Platform (ABAP Build Framework)SAP_BASIS 757affected
SAP_SESAP ABAP Platform (ABAP Build Framework)SAP_BASIS 758affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References