CVE-2025-0063: SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
First published: Tue Jan 14 2025(Updated: )
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server ABAP | ||
| SAP ABAP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-0063?
CVE-2025-0063 has a high severity rating due to the potential for complete compromise of data confidentiality.
How do I fix CVE-2025-0063?
To fix CVE-2025-0063, ensure that authorization checks are properly implemented for RFC function module executions.
Who is affected by CVE-2025-0063?
CVE-2025-0063 affects users of SAP NetWeaver AS ABAP and SAP ABAP Platform.
Can CVE-2025-0063 be exploited remotely?
Yes, CVE-2025-0063 can be exploited remotely by an attacker with basic user privileges.
What could an attacker gain from exploiting CVE-2025-0063?
An attacker could gain control over data in the Informix database, leading to a complete compromise of confidentiality.
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver application server abap
- canonical/sap abap