Authorization Bypass Vulnerability in SAP ABAP Platform
CVE-2025-42949

4.9MEDIUM

Key Information:

Vendor: SAP
Status: Abap Platform
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-42949?

A significant vulnerability exists in the SAP ABAP Platform due to a missing authorization check. An authenticated user with elevated privileges can exploit this flaw through the SQL Console, allowing them to bypass authorization restrictions for common transactions. This oversight could lead to unauthorized access to sensitive database tables, thereby compromising the confidentiality of critical data. While the integrity and availability of the system remain intact, this vulnerability poses a serious risk to data security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ABAP Platform SAP_BASIS 758

ABAP Platform SAP_BASIS 816

ABAP Platform SAP_BASIS 916

References

https://me.sap.com/notes/3626722

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

SAP

What is CVE-2025-42949?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.