Authorization Bypass in SAP Enterprise Search for ABAP by SAP
CVE-2025-42891

5.5MEDIUM

Key Information:

Vendor

SAP
Status
SAP Enterprise Search For Abap
Vendor
CVE Published:
9 December 2025

What is CVE-2025-42891?

A critical multiple authorization bypass vulnerability exists in SAP Enterprise Search for ABAP that allows attackers with elevated privileges to access and export database table contents via an ABAP report. This could significantly compromise data confidentiality while maintaining data integrity and availability.

Affected Version(s)

SAP Enterprise Search for ABAP SAP_BASIS 752

SAP Enterprise Search for ABAP SAP_BASIS 753

SAP Enterprise Search for ABAP SAP_BASIS 754

References

https://me.sap.com/notes/3659117
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-42891 : Authorization Bypass in SAP Enterprise Search for ABAP by SAP