CVE-2025-0068: Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
First published: Tue Jan 14 2025(Updated: )
An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability on the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-0068?
CVE-2025-0068 has a low severity as it does not impact the integrity or availability of the application.
How do I fix CVE-2025-0068?
Fixing CVE-2025-0068 involves applying the latest security patch provided by SAP for the NetWeaver Application Server ABAP.
What type of vulnerability is CVE-2025-0068?
CVE-2025-0068 is an authorization vulnerability due to obsolete functionality in SAP NetWeaver Application Server ABAP.
Who is affected by CVE-2025-0068?
Organizations using the SAP NetWeaver Application Server ABAP are affected by CVE-2025-0068.
Can an attacker exploit CVE-2025-0068?
Yes, an authenticated attacker can exploit CVE-2025-0068 to access restricted information.
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver application server