Authorization Check Flaw in SAP BASIS Vulnerable to Remote Function Call Abuse
CVE-2025-42986
4.3MEDIUM
What is CVE-2025-42986?
A significant vulnerability has been identified within the SAP BASIS framework due to a missing authorization check in a legacy function module. This flaw allows an authenticated low-privilege attacker to exploit a Remote Function Call (RFC) feature, leading to potential access to sensitive system information that should remain restricted. While this vulnerability poses a low risk to the confidentiality of information, it does not directly affect the integrity or availability of the SAP application.
Affected Version(s)
SAP NetWeaver and ABAP Platform SAP_BASIS 700
SAP NetWeaver and ABAP Platform SAP_BASIS 701
SAP NetWeaver and ABAP Platform SAP_BASIS 702