CVE 5 MEDIUM

Missing Authorization check in SAP NetWeaver (Service Data Download)_CVE-2025-42911

September 8, 2025 invoker category_cve
5 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Description

SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the application

Basic Information

ID CVE-2025-42911
Source sap
Published Sep 9, 2025 at 02:05

Affected Product

Vendor SAP_SE
Product SAP NetWeaver (Service Data Download)
Version SAP_BASIS 700
Affected Versions SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 700
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 701
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 702
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 731
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 740
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 750
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 751
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 752
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 753
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 754
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 755
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 756
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 757
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 758
SAP_SE SAP NetWeaver (Service Data Download) SAP_BASIS 816

CWE Classification

CWE-862

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.