Missing Authorization Check in SAP Software Module
CVE-2025-23187
5.3MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 11 February 2025
What is CVE-2025-23187?
A vulnerability exists within an RFC-enabled function module in transaction SDCCN, allowing unauthenticated attackers to generate technical meta-data. While this issue may lead to integrity concerns, it poses no threats to confidentiality or availability. SAP has recommended patching strategies, which can be found in their official notes and security patch day resources.
Affected Version(s)
SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 2008_1_700
SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 2008_1_710
SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 740