Missing Authorization Check in SAP Functions
CVE-2025-23190

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver And Abap Platform (st-pi)
Vendor: CVE Published:; 11 February 2025

What is CVE-2025-23190?

A missing authorization check in SAP's remote-enabled function modules allows authenticated attackers to access sensitive data without proper authorization. While attackers cannot modify any data or disrupt system availability, the potential exposure of confidential information poses significant security risks. It is essential for users to update their systems in accordance with the latest security patches provided by SAP to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP NetWeaver and ABAP platform (ST-PI) ST-PI 2008_1_700

SAP NetWeaver and ABAP platform (ST-PI) ST-PI 2008_1_710

SAP NetWeaver and ABAP platform (ST-PI) ST-PI 740

References

https://me.sap.com/notes/3547581

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 13, 2025

JSON

SAP