Authentication Bypass in SAP Approuter Node.js Package
CVE-2025-24876
8.1HIGH
What is CVE-2025-24876?
The SAP Approuter Node.js package versions up to and including v16.7.1 are vulnerable to an authentication bypass. This vulnerability allows an attacker to exploit the authorization code trading process to inject malicious payloads. If successful, the attacker can steal the victim's session, significantly compromising the confidentiality and integrity of the application. This exposes sensitive user data and operational security, necessitating immediate attention and remediation measures.
Affected Version(s)
SAP Approuter Node.js package 2.6.1 to 16.7.1