CVE-2025-0070
CRITICALSAP NetWeaver Application Server for ABAP and ABAP Platform - Privi...
Title source: llmDescription
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3537476
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
9.9
EPSS
0.0016
EPSS Percentile
36.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (14)
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
7.22EXT
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
7.53
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
7.54
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
7.77
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
7.89
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
7.93
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
7.97
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
8.04
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
9.12
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
9.13
... and 4 more
Published
Jan 14, 2025
Tracked Since
Feb 18, 2026