CVE-2025-23194 MEDIUM

CVE-2025-23194: Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)

Vendor Sap_Se
Product SAP NetWeaver Enterprise Portal (OBN component)
Weakness CWE-306 · Missing auth
Published March 11, 2025
Last update March 11, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application.

Key dates

02Disclosure timeline

March 11, 2025 CVE published
March 11, 2025 Record updated