CVE-2025-42953 — Missing Authorization in SE SAP Netweaver Application Server FOR Abap

CWE-862 — Missing Authorization3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.1%

top 77.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap

Timeline

PublishedJul 8

Description

SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap14 versions+13

🔴Vulnerability Details

CVEList

Missing Authorization check in SAP NetWeaver Application Server for ABAP↗2025-07-08

▶

GHSA

GHSA-h6h7-jgvg-jrhf: SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges↗2025-07-08

▶