CVE-2025-0067

CWE-862 — Missing Authorization3 documents3 sources

Severity

6.3MEDIUM

EPSS

0.1%

top 82.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Java

Timeline

PublishedJan 14

Description

Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_application_server_javaWD-RUNTIME 7.50

🔴Vulnerability Details

GHSA

GHSA-wv5f-24hf-9846: Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create↗2025-01-14

▶

CVEList

Missing Authorization check in SAP NetWeaver Application Server Java↗2025-01-14

▶