CVE-2025-24872 MEDIUM

CVE-2025-24872: Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)

Vendor Sap_Se
Product SAP ABAP Platform (ABAP Build Framework)
Weakness CWE-863 · Incorrect authorization
Published February 11, 2025
Last update February 18, 2025
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact on the confidentiality of the application with no effect on the integrity and availability of the application.

Key dates

02Disclosure timeline

February 11, 2025 CVE published
February 18, 2025 Record updated