CVE-2025-31331

Summary

SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaverSAP_ABA 700affected
SAP_SESAP NetWeaver701affected
SAP_SESAP NetWeaver702affected
SAP_SESAP NetWeaver731affected
SAP_SESAP NetWeaver740affected
SAP_SESAP NetWeaver750affected
SAP_SESAP NetWeaver751affected
SAP_SESAP NetWeaver752affected
SAP_SESAP NetWeaver75Caffected
SAP_SESAP NetWeaver75Daffected
SAP_SESAP NetWeaver75Eaffected
SAP_SESAP NetWeaver75Faffected
SAP_SESAP NetWeaver75Gaffected
SAP_SESAP NetWeaver75Haffected
SAP_SESAP NetWeaver75Iaffected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References