CVE-2025-23189: Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

Medium (4.3)

Description

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 0.16206 (how common is this exploit)

EPSS Date: 2025-02-11 (when was this score calculated)

Classification

CVE ID: CVE-2025-23189

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor: SAP_SE

Product: SAP NetWeaver and ABAP Platform (SDCCN)

Timeline

2025-02-12 00:31:38 UTC
CVE

Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)