5.4

CVE-2025-42936

EPSS 0.05%
Veröffentlicht 12.08.2025 02:05:19
Zuletzt bearbeitet 23.10.2025 12:41:58
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Missing Authorization check in SAP NetWeaver Application Server for ABAP

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 15 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Sap Basis Version700

SAP ≫ Sap Basis Version701

SAP ≫ Sap Basis Version702

SAP ≫ Sap Basis Version731

SAP ≫ Sap Basis Version740

SAP ≫ Sap Basis Version750

SAP ≫ Sap Basis Version751

SAP ≫ Sap Basis Version752

SAP ≫ Sap Basis Version753

SAP ≫ Sap Basis Version754

SAP ≫ Sap Basis Version755

SAP ≫ Sap Basis Version756

SAP ≫ Sap Basis Version757

SAP ≫ Sap Basis Version758

SAP ≫ Sap Basis Version816

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.161

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://url.sap/sapsecuritypatchday

Patch

https://me.sap.com/notes/3602656

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-42936

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42936

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42936

EUVD