Unauthorized Access Vulnerability in SAP ABAP Platform by SAP
CVE-2025-24872

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Abap Platform (abap Build Framework)
Vendor: CVE Published:; 11 February 2025

Summary

The ABAP Build Framework in SAP ABAP Platform is susceptible to an issue that enables an authenticated attacker to gain unauthorized access to specific transactions. By leveraging the add-on build functionality within the framework, an attacker can invoke certain transactions and inspect their details. Although this vulnerability poses a risk to confidentiality, it does not compromise the integrity or availability of the application.

Affected Version(s)

SAP ABAP Platform (ABAP Build Framework) SAP_BASIS 750

SAP ABAP Platform (ABAP Build Framework) SAP_BASIS 751

SAP ABAP Platform (ABAP Build Framework) SAP_BASIS 752

References

https://me.sap.com/notes/3553753

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 27, 2025