Directory Traversal Vulnerability in SAP Solution Manager
CVE-2025-27428

7.7 HIGH

Key Information:

Vendor
SAP
CVE Published:
8 April 2025

Summary

A directory traversal vulnerability exists in SAP Solution Manager that allows an authorized attacker to exploit RFC-enabled function modules. After a successful attack, the attacker could access sensitive files on any managed system linked to SAP Solution Manager. This poses a significant risk to the confidentiality of critical information, although there is no impact on the integrity or availability of systems. Security measures should be implemented to mitigate potential exploitation of this vulnerability.

Affected Version(s)

SAP NetWeaver and ABAP Platform (Service Data Collection) ST-PI 2008_1_700

SAP NetWeaver and ABAP Platform (Service Data Collection) 2008_1_710

SAP NetWeaver and ABAP Platform (Service Data Collection) 740

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
