CVE-2025-42936

Summary

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 700affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 701affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 702affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 731affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 758affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 816affected

Weaknesses

  • CWE-266: CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References