CVE-2025-42949: Missing Authorization in SE Abap Platform

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.0% (top 88.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 12

Description

Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (1 package)

CVEListV5: sap_se/abap_platform: SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 916 (+2 more)

Vulnerability Details (2)

CVEList (2025-08-12): Missing Authorization check in ABAP Platform
GHSA (2025-08-12): GHSA-v5mq-3g8r-vp97: Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for
CVE-2025-42949 — Missing Authorization | cvebase