Authorization Bypass in SAP NetWeaver
CVE-2025-31331

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-31331?

SAP NetWeaver is affected by a vulnerability that allows an attacker to circumvent authorization checks, providing unauthorized access to sensitive portions of ABAP code. This occurs after the attacker gains entry into the ABAP system, where they can execute specific transactions that reveal critical system code without the necessary validation. Such exploitation threatens the confidentiality of the system's internal operations and sensitive information.

Affected Version(s)

SAP NetWeaver SAP_ABA 700

SAP NetWeaver 701

SAP NetWeaver 702

References

https://me.sap.com/notes/3577131

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Mar 27, 2025