CVE-2025-0063

Published: Jan 14, 2025Modified: Oct 24, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: CNA (Secondary)

Description

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability.

Affected (14)

Products: Sap: Sap Basis

Sap

1 product

Sap Basis

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Sap Sap Basis	Version 700
Sap Sap Basis	Version 701
Sap Sap Basis	Version 702
Sap Sap Basis	Version 731
Sap Sap Basis	Version 740
Sap Sap Basis	Version 750
Sap Sap Basis	Version 751
Sap Sap Basis	Version 752
Sap Sap Basis	Version 753
Sap Sap Basis	Version 754
Sap Sap Basis	Version 755
Sap Sap Basis	Version 756
Sap Sap Basis	Version 757
Sap Sap Basis	Version 758

Related CWEs

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (2)

https://me.sap.com/notes/3550816

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Patch

Timeline

No history available yet.