Privilege Escalation in SAP Netweaver System Configuration by SAP
CVE-2025-42953

8.1HIGH

Key Information:

Vendor

SAP

Vendor
CVE Published:
8 July 2025

What is CVE-2025-42953?

The SAP Netweaver System Configuration lacks essential authorization checks for authenticated users, allowing unauthorized privilege escalation. This vulnerability can lead to complete compromise of the system's integrity and availability, although it does not affect its confidentiality. Proper security measures and patches are recommended to mitigate potential risks.

Affected Version(s)

SAP NetWeaver Application Server for ABAP SAP_BASIS 701

SAP NetWeaver Application Server for ABAP SAP_BASIS 702

SAP NetWeaver Application Server for ABAP SAP_BASIS 731

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-42953 : Privilege Escalation in SAP Netweaver System Configuration by SAP