CVE-2025-42986
published 2025-07-08CVE-2025-42986: Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |
| sap_se | sap_netweaver_and_abap_platform | — | — |