CVE-2025-30015 MEDIUM

CVE-2025-30015: Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

Vendor Sap_Se
Product SAP NetWeaver and ABAP Platform (Application Server ABAP)
Weakness CWE-787
Published April 8, 2025
Last update April 8, 2025

CVSS base score

4.1/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.

Key dates

02Disclosure timeline

April 8, 2025 CVE published
April 8, 2025 Record updated