CVE-2025-42968 MEDIUM

CVE-2025-42968: Missing Authorization check in SAP NetWeaver (RFC enabled function module)

Vendor Sap_Se
Product SAP NetWeaver (RFC enabled function module)
Weakness CWE-862 · Missing authorization
Published July 8, 2025
Last update July 8, 2025
View on NVD All CVEs

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

Key dates

02Disclosure timeline

July 8, 2025 CVE published
July 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-38479 WordPress Simple Googlebot Visit plugin <= 1.2.4 - Broken Access Control vulnerability CVE-2024-31099 WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability CVE-2024-31343 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10.1 - Arbitrary File Download vulnerability CVE-2025-31576 WordPress PostmarkApp Email Integrator plugin <= 2.4 - Broken Access Control vulnerability CVE-2025-42914 Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)