CVE-2025-0070

critical

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. Successful exploitation has a high impact on confidentiality, integrity, and availability.

References

https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html

https://www.bleepingcomputer.com/news/security/sap-fixes-critical-vulnerabilities-in-netweaver-application-servers/

https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-netweaver/

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3537476

Details

Source: Mitre, NVD

Published: 2025-01-14

Updated: 2025-01-14

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical