CVE-2025-42891

Summary

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on application's availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Enterprise Search for ABAPSAP_BASIS 752affected
SAP_SESAP Enterprise Search for ABAPSAP_BASIS 753affected
SAP_SESAP Enterprise Search for ABAPSAP_BASIS 754affected
SAP_SESAP Enterprise Search for ABAPSAP_BASIS 755affected
SAP_SESAP Enterprise Search for ABAPSAP_BASIS 756affected
SAP_SESAP Enterprise Search for ABAPSAP_BASIS 757affected
SAP_SESAP Enterprise Search for ABAPSAP_BASIS 758affected
SAP_SESAP Enterprise Search for ABAPSAP_BASIS 816affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References