CVE-2025-31331

SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3577131
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

08 Apr 2025, 18:13

Type	Values Removed	Values Added
Summary		(es) SAP NetWeaver permite a un atacante eludir las comprobaciones de autorización, lo que le permite ver fragmentos de código ABAP que normalmente requerirían validación adicional. Una vez conectado al sistema ABAP, el atacante puede ejecutar una transacción específica que expone código confidencial del sistema sin la debida autorización. Esta vulnerabilidad compromete la confidencialidad.

08 Apr 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 08:15

Updated : 2025-04-08 18:13

NVD link : CVE-2025-31331

Mitre link : CVE-2025-31331

CVE.ORG link : CVE-2025-31331

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

4.3 /10