CVE-2025-0053

Published: Jan 14, 2025Modified: Oct 24, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: CNA (Secondary)

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits.

Affected (13)

Products: Sap: Sap Basis

Sap

1 product

Sap Basis

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Sap Sap Basis	Version 700
Sap Sap Basis	Version 701
Sap Sap Basis	Version 702
Sap Sap Basis	Version 731
Sap Sap Basis	Version 740
Sap Sap Basis	Version 750
Sap Sap Basis	Version 751
Sap Sap Basis	Version 752
Sap Sap Basis	Version 753
Sap Sap Basis	Version 754
Sap Sap Basis	Version 755
Sap Sap Basis	Version 756
Sap Sap Basis	Version 757

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://me.sap.com/notes/3536461

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Patch

Timeline

No history available yet.