CVE-2025-24869 Information

Description

SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components including their XML definitions. This information should ideally be restricted to customer administrators even though they may not need it. These XML files are not entirely SAP-internal as they are deployed with the server. In such a scenario sensitive information could be exposed without compromising its integrity or availability.

Reference

https://me.sap.com/notes/3550027 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday