CVE-2025-42949 Information

Description

Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Reference

https://me.sap.com/notes/3626722
https://url.sap/sapsecuritypatchday

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.9

Base Severity

MEDIUM

CNNVD-202508-986 (Published: 2025-08-12)
