Missing Authorization check in ABAP Platform_CVE-2025-42949

4.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Description

Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected.

Basic Information

ID CVE-2025-42949

Source sap

Published Aug 12, 2025 at 02:08

Affected Product

Vendor SAP_SE

Product ABAP Platform

Version SAP_BASIS 758

Affected Versions SAP_SE ABAP Platform SAP_BASIS 758
SAP_SE ABAP Platform SAP_BASIS 816
SAP_SE ABAP Platform SAP_BASIS 916

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected.",
    "published": "2025-08-12T02:08:28.405Z",
    "modified": "2025-08-12T02:08:28.405Z",
    "type": "cve",
    "title": "Missing Authorization check in ABAP Platform",
    "source": "sap",
    "references": "https://me.sap.com/notes/3626722\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42949",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE ABAP Platform SAP_BASIS 758\nSAP_SE ABAP Platform SAP_BASIS 816\nSAP_SE ABAP Platform SAP_BASIS 916",
    "sourceHref": "",
    "cvss": {
        "score": 4.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ABAP Platform",
    "version": "SAP_BASIS 758",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}