Unauthorized Access Vulnerability in SAP Applications
CVE-2025-42989
Key Information:
- Vendor: SAP
- CVE Published: 10 June 2025
What is CVE-2025-42989?
CVE-2025-42989 is a notable vulnerability identified within SAP applications, primarily affecting their core functionalities tied to Remote Function Call (RFC) inbound processing. This flaw stems from insufficient authorization checks for authenticated users, which allows for privilege escalation. If exploited, an attacker could gain unauthorized access to sensitive features and data, thereby risking the integrity and availability of the applications involved. This vulnerability poses a severe threat to organizations relying on SAP for critical business processes, as it could enable malicious actors to manipulate essential systems and disrupt operations.
Potential impact of CVE-2025-42989
- Privilege Escalation: The vulnerability allows authenticated users to escalate their privileges, which can lead to unauthorized access and control over sensitive information and functionalities within the SAP environment.
- Data Integrity Risks: Exploitation of this vulnerability could compromise the integrity of the data managed by SAP applications, leading to potential manipulation or corruption of critical business data.
- Operational Disruption: By exploiting this weakness, attackers can significantly affect the application's availability, resulting in downtime and disruption of vital business operations that depend on SAP systems.
Affected Version(s)
SAP NetWeaver Application Server for ABAP KERNEL 7.89
SAP NetWeaver Application Server for ABAP 7.93
SAP NetWeaver Application Server for ABAP 9.14