CVE-2025-30017

MEDIUM

SAP Solution Manager 7.1 - Auth Bypass

Title source: llm

Description

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application.

References (2)

Core 2

Core References

Vendor Advisory

https://me.sap.com/notes/3558864

Vendor Advisory

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 4.4

EPSS 0.0007

EPSS Percentile 20.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (16)

SAP_SE/SAP Solution Manager SAP_BASIS 700

SAP_SE/SAP Solution Manager SAP_BASIS 701

SAP_SE/SAP Solution Manager SAP_BASIS 702

SAP_SE/SAP Solution Manager SAP_BASIS 731

SAP_SE/SAP Solution Manager SAP_BASIS 740

SAP_SE/SAP Solution Manager SAP_BASIS 750

SAP_SE/SAP Solution Manager SAP_BASIS 751

SAP_SE/SAP Solution Manager SAP_BASIS 752

SAP_SE/SAP Solution Manager SAP_BASIS 753

SAP_SE/SAP Solution Manager SAP_BASIS 754

... and 6 more

Published Apr 08, 2025

Tracked Since Feb 18, 2026