CVE-2025-42918 — Missing Authorization in SE SAP Netweaver Application Server FOR Abap

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 89.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap SAP Basis

Timeline

PublishedSep 9

Description

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap15 versions+14

▶NVDsap/sap_basis15 versions+14

Patches

Patch: url.sap ↗

🔴Vulnerability Details

GHSA

GHSA-w83c-pf6r-m68g: SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile↗2025-09-09

▶

CVEList

Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)↗2025-09-09

▶