CVE-2025-31329 MEDIUM

CVE-2025-31329: Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Vendor Sap_Se
Product SAP NetWeaver Application Server ABAP and ABAP Platform
Weakness CWE-141
Published May 13, 2025
Last update May 13, 2025

CVSS base score

6.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated