CVE-2025-0053 — Information Exposure via Error Message in SE SAP Netweaver Application Server FOR Abap AND Abap Platform

CWE-209 — Information Exposure via Error Message3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 62.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap AND Abap Platform SAP Basis

Timeline

PublishedJan 14

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap_and_abap_platform13 versions+12

▶NVDsap/sap_basis13 versions+12

Patches

Patch: url.sap ↗

🔴Vulnerability Details

CVEList

Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform↗2025-01-14

▶

GHSA

GHSA-p8fh-8pr9-v7p8: SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information↗2025-01-14

▶