CVE-2025-0066

Published: Jan 14, 2025Modified: Oct 23, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application

Affected (17)

Products: Sap: Sap Basis

Sap

1 product

Sap Basis

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Sap Sap Basis	Version 700
Sap Sap Basis	Version 701
Sap Sap Basis	Version 702
Sap Sap Basis	Version 731
Sap Sap Basis	Version 740
Sap Sap Basis	Version 750
Sap Sap Basis	Version 751
Sap Sap Basis	Version 752
Sap Sap Basis	Version 753
Sap Sap Basis	Version 754
Sap Sap Basis	Version 755
Sap Sap Basis	Version 756
Sap Sap Basis	Version 757
Sap Sap Basis	Version 758
Sap Sap Basis	Version 912
Sap Sap Basis	Version 913
Sap Sap Basis	Version 914

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://me.sap.com/notes/3550708

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Patch

Timeline

No history available yet.