CVE-2025-30015

Summary

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)KRNL64UC 7.53affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)KERNEL 7.53affected
SAP_SESAP NetWeaver and ABAP Platform (Application Server ABAP)7.54affected

Weaknesses

  • CWE-787: CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References