CVE-2025-30017 MEDIUM

CVE-2025-30017: Missing Authorization check in SAP Solution Manager

Vendor Sap_Se
Product SAP Solution Manager
Weakness CWE-862 · Missing authorization
Published April 8, 2025
Last update April 8, 2025

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application.

Key dates

02Disclosure timeline

April 8, 2025 CVE published
April 8, 2025 Record updated