CVE-2025-30015

Published: Apr 8, 2025Modified: Apr 8, 2025

4.1

Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Exploitability: 0.7 / Impact: 3.4

Source: CNA (Secondary)

Description

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://me.sap.com/notes/3565944

Source: cna@sap.com

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Timeline

No history available yet.