CVE-2025-0058

Published: Jan 14, 2025Modified: Oct 24, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: CNA (Secondary)

Description

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable.

Affected (9)

Products: Sap: Sap Basis

Sap

1 product

Sap Basis

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Sap Sap Basis	Version 753
Sap Sap Basis	Version 754
Sap Sap Basis	Version 755
Sap Sap Basis	Version 756
Sap Sap Basis	Version 757
Sap Sap Basis	Version 758
Sap Sap Basis	Version 912
Sap Sap Basis	Version 913
Sap Sap Basis	Version 914

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://me.sap.com/notes/3542698

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Patch

Timeline

No history available yet.