CVE-2025-0070: Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform

9.9 CVSS

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability.

Classification

CVE ID: CVE-2025-0070

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.9

Affected Products

Vendor: SAP_SE

Product: SAP NetWeaver Application Server for ABAP and ABAP Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://me.sap.com/notes/3537476
https://url.sap/sapsecuritypatchday

Timeline

2025-01-15 00:30:47 UTC
CVE

Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform