CVE-2025-42961 Information
Jul 09, 2025
cve
Description
Due to a missing authorization check in SAP NetWeaver Application server for ABAP an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations unauthorized reading of critical data is possible resulting in a significant impact on the confidentiality of the information stored. However the integrity and availability of the system remain unaffected.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Reference
https://me.sap.com/notes/3610322 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
4.9
Related CNNVD
CNNVD-202507-799 (Published: 2025-07-08)
Share on: