CVE-2025-42936
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-10-23
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | sap_basis | 700 |
| sap | sap_basis | 701 |
| sap | sap_basis | 702 |
| sap | sap_basis | 731 |
| sap | sap_basis | 740 |
| sap | sap_basis | 750 |
| sap | sap_basis | 751 |
| sap | sap_basis | 752 |
| sap | sap_basis | 753 |
| sap | sap_basis | 754 |
| sap | sap_basis | 755 |
| sap | sap_basis | 756 |
| sap | sap_basis | 757 |
| sap | sap_basis | 758 |
| sap | sap_basis | 816 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the SAP NetWeaver Application Server for ABAP occurs because administrators cannot assign distinct authorizations for different user roles. As a result, authenticated users can access restricted objects in the barcode interface, which leads to privilege escalation.
How can this vulnerability impact me? :
The vulnerability can lead to privilege escalation, allowing authenticated users to access restricted objects they should not have access to. This impacts the confidentiality and integrity of the application to a low degree but does not affect availability.