CVE-2025-42986 Information
Jul 09, 2025
Description
Due to a missing authorization check in an obsolete RFC-enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality with no impact on integrity or availability of the application.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Reference
https://me.sap.com/notes/3626440
https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
4.3
Base Severity
MEDIUM
Related CNNVD
CNNVD-202507-817 (Published: 2025-07-08)