CVE-2025-31331
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver | SAP_ABA 700 | affected |
| SAP_SE | SAP NetWeaver | 701 | affected |
| SAP_SE | SAP NetWeaver | 702 | affected |
| SAP_SE | SAP NetWeaver | 731 | affected |
| SAP_SE | SAP NetWeaver | 740 | affected |
| SAP_SE | SAP NetWeaver | 750 | affected |
| SAP_SE | SAP NetWeaver | 751 | affected |
| SAP_SE | SAP NetWeaver | 752 | affected |
| SAP_SE | SAP NetWeaver | 75C | affected |
| SAP_SE | SAP NetWeaver | 75D | affected |
| SAP_SE | SAP NetWeaver | 75E | affected |
| SAP_SE | SAP NetWeaver | 75F | affected |
| SAP_SE | SAP NetWeaver | 75G | affected |
| SAP_SE | SAP NetWeaver | 75H | affected |
| SAP_SE | SAP NetWeaver | 75I | affected |
Weaknesses
- CWE-863: CWE-863: Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.