CVE-2025-42953

Summary

SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 701affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 702affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 731affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 758affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 816affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References