CVE-2025-23188: Missing Authorization in SAP SE SAP S/4HANA

Severity
4.3 MEDIUM (NVD)
EPSS
0.1%
top 75.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 11

Description

An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 | Impact: 1.4

Affected Packages: 1 package

CVEListV5: sap_se/sap_s_4hana, 9 versions

Vulnerability Details (2)

GHSA
GHSA-5545-33qg-4x69: An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perfor (2025-03-11)

CVEList
Missing Authorization check in SAP S/4HANA (RBD) (2025-03-11)