CVE-2025-23187 — Missing Authorization in SE SAP Netweaver AND Abap Platform

CWE-862 — Missing Authorization3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 63.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AND Abap Platform

Timeline

PublishedFeb 11

Description

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_and_abap_platformST-PI 2008_1_700, ST-PI 2008_1_710, ST-PI 740+2

🔴Vulnerability Details

CVEList

Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)↗2025-02-11

▶

GHSA

GHSA-22gv-43vq-fhjw: Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-d↗2025-02-11

▶