CVE-2025-26661 Information
Mar 12, 2025
cve
Description
Due to missing authorization check SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have resulting in escalation of privileges. On successful exploitation this could result in disclosure of highly sensitive information. It could also have a high impact on the integrity and availability of the application.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://me.sap.com/notes/3563927 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: