CVE-2025-30015Out-of-bounds Write in SE SAP Netweaver AND Abap Platform

CWE-787Out-of-bounds Write3 documents3 sources
Severity
4.1MEDIUMNVD
EPSS
0.3%
top 49.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver AND Abap Platform
Timeline
PublishedApr 8

Description

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 0.7 | Impact: 3.4

Affected Packages1 packages

CVEListV5sap_se/sap_netweaver_and_abap_platform7.54, KERNEL 7.53, KRNL64UC 7.53+2

🔴Vulnerability Details

2
GHSA
GHSA-hxhq-978m-rmmg: Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high2025-04-08
CVEList
Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)2025-04-08
CVE-2025-30015 — Out-of-bounds Write | cvebase