CVE-2025-26661Missing Authorization in SE SAP Netweaver

CWE-862Missing AuthorizationCWE-476NULL Pointer Dereference4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 62.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver
Timeline
PublishedMar 11

Description

Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high impact on the integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5sap_se/sap_netweaver15 versions+14

🔴Vulnerability Details

2
GHSA
GHSA-r597-fw99-924j: Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resultin2025-03-11
CVEList
Missing Authorization check in SAP NetWeaver (ABAP Class Builder)2025-03-11

📋Vendor Advisories

1
Microsoft
drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'2024-04-09
CVE-2025-26661 — Missing Authorization | cvebase