CVE-2025-42961

Summary

Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 700affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 701affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 702affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 731affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 758affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 816affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References