Authorization Bypass Vulnerability in SAP ABAP Platform
CVE-2025-42949

4.9MEDIUM

Key Information:

Vendor: SAP
Status: Abap Platform
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-42949?

A significant vulnerability exists in the SAP ABAP Platform due to a missing authorization check. An authenticated user with elevated privileges can exploit this flaw through the SQL Console, allowing them to bypass authorization restrictions for common transactions. This oversight could lead to unauthorized access to sensitive database tables, thereby compromising the confidentiality of critical data. While the integrity and availability of the system remain intact, this vulnerability poses a serious risk to data security.

Affected Version(s)

ABAP Platform SAP_BASIS 758

ABAP Platform SAP_BASIS 816

ABAP Platform SAP_BASIS 916

References

https://me.sap.com/notes/3626722

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025