CVE-2025-25244Missing Authorization in SE SAP Business Warehouse

CWE-862Missing Authorization3 documents3 sources
Severity
5.7MEDIUMNVD
EPSS
0.0%
top 89.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Business Warehouse
Timeline
PublishedMar 11

Description

SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no i

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages1 packages

CVEListV5sap_se/sap_business_warehouse17 versions+16

🔴Vulnerability Details

2
CVEList
Missing Authorization Check in SAP Business Warehouse (Process Chains)2025-03-11
GHSA
GHSA-3p7m-5559-6p23: SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check2025-03-11
CVE-2025-25244 — Missing Authorization | cvebase