CVE-2025-24872 — Incorrect Authorization in SE SAP Abap Platform

CWE-863 — Incorrect Authorization3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 77.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Abap Platform
Timeline
PublishedFeb 11

Description

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact on the confidentiality of the application with no effect on the integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

â–¶CVEListV5sap_se/sap_abap_platform9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-x2gh-hgcj-q83q: The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction↗2025-02-11
â–¶
CVEList
Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)↗2025-02-11
â–¶
CVE-2025-24872 — Incorrect Authorization | cvebase