CVE-2025-31329 Information
May 14, 2025
cve
Description
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality with no significant effect on Integrity or Availability.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
Reference
https://me.sap.com/notes/3577287 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
6.2
Share on: