CVE-2025-42882

Medienbericht

EPSS 0.03%
Veröffentlicht 11.11.2025 00:13:33
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system could further assist this attacker to plan subsequent attacks. As a result, this vulnerability has a low impact on confidentiality, with no impact on the integrity or availability of the application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAP NetWeaver Application Server for ABAP

Default Statusunaffected

Version SAP_BASIS 700

Status affected

Version SAP_BASIS 701

Status affected

Version SAP_BASIS 702

Status affected

Version SAP_BASIS 731

Status affected

Version SAP_BASIS 740

Status affected

Version SAP_BASIS 750

Status affected

Version SAP_BASIS 751

Status affected

Version SAP_BASIS 752

Status affected

Version SAP_BASIS 753

Status affected

Version SAP_BASIS 754

Status affected

Version SAP_BASIS 755

Status affected

Version SAP_BASIS 756

Status affected

Version SAP_BASIS 757

Status affected

Version SAP_BASIS 758

Status affected

Version SAP_BASIS 816

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.heise.de/news/SAP-Patchday-bringt-18-neue-Sicherheitsmitteilungen-11073912.html

Media Report

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3643337

https://nvd.nist.gov/vuln/detail/CVE-2025-42882

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42882

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42882

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-42882