CVE-2025-23190: Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Medium (4.3)


Description

Due to a missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system.

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (estimated probability of exploitation activity in the next 30 days)

EPSS Percentile: 0.16206 (proportion of scored vulnerabilities with the same or a lower EPSS score)

EPSS Date: 2025-02-11 (date on which this score was calculated)

Classification

CVE ID: CVE-2025-23190

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor: SAP_SE

Product: SAP NetWeaver and ABAP platform (ST-PI)

Timeline