Authorization Bypass Vulnerability in SAP Software
CVE-2025-42974

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver And Abap Platform (sdccn)
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-42974?

An authorization bypass issue has been identified in SAP software, allowing authenticated users without administrative privileges to invoke remote-enabled function modules. This vulnerability could potentially grant access to sensitive information that should be restricted to privileged users, posing a risk to confidentiality. While the integrity and availability of the systems remain intact, organizations should assess and mitigate the risks associated with this flaw.

Affected Version(s)

SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 2008_1_700

SAP NetWeaver and ABAP Platform (SDCCN) 2008_1_710

SAP NetWeaver and ABAP Platform (SDCCN) 740

References

https://me.sap.com/notes/3610056

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Apr 16, 2025