CVE-2025-27437

Summary

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 700affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 701affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 702affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 731affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server ABAP (Virus Scan Interface)SAP_BASIS 758affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References