CVE-2025-31331: Incorrect Authorization in SE SAP NetWeaver

Severity
4.3 MEDIUM (NVD)
EPSS
0.2%
top 63.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 8

Description

SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 1 package

CVEListV5: sap_se/sap_netweaver (15 versions)

Vulnerability Details (2)

GHSA
GHSA-jc4p-p49m-8p2p: SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional va (2025-04-08)
CVEList
Authorization Bypass vulnerability in SAP NetWeaver (2025-04-08)