First published: Tue Mar 11 2025
The Service Layer in SAP Business One allows attackers to gain unauthorized access and impersonate other users of the application in order to perform unauthorized actions. Because of improper session management, an attacker can escalate to higher privileges and read, modify or write data. Obtaining the authenticated sessions of other users requires considerable time and effort on the attacker's part. The vulnerability has a high impact on the confidentiality and integrity of the application and no impact on its availability.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix
---|---|---
SAP Business One on HANA | not stated on this page | Apply the SAP patch for the Service Layer component
CVE-2025-26658 is classified as a high severity vulnerability due to its potential for unauthorized user impersonation and privilege escalation.
To mitigate CVE-2025-26658, apply the latest patches provided by SAP for Business One, specifically focusing on the Service Layer component.
CVE-2025-26658 allows attackers to gain unauthorized access to the SAP Business One application and potentially impersonate other users.
This page lists SAP Business One on HANA as affected by CVE-2025-26658 but does not state an affected version range; check SAP's security note for your release and treat every installation exposing the Service Layer as in scope until patched.
If you are using SAP Business One, ensure you review and implement the latest security patches to mitigate the risks associated with CVE-2025-26658.
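The advisory gives no detail on how the Service Layer's session handling fails, so the following is not a reproduction of the flaw. It is an added example (not SAP's code) of the session-hygiene checks a practitioner would run against a Service Layer instance after patching: whether a logged-out session cookie is still accepted, whether repeated logins ever hand out the same SessionId, and whether the identifiers are long and random enough that guessing them really does take "considerable time and effort". The endpoint and cookie names (POST /b1s/v1/Login, POST /b1s/v1/Logout, the B1SESSION cookie, a read of BusinessPartners) follow the standard Service Layer API and should be confirmed against your release; host, company database and credentials are placeholders read from environment variables, and the sample identifiers in the offline helpers are constructed.

```python
"""Post-patch session-hygiene checks for the SAP Business One Service Layer.

Added example, not SAP's code. Endpoint and cookie names follow the
standard Service Layer API (POST /b1s/v1/Login, POST /b1s/v1/Logout,
B1SESSION cookie); confirm them against your release. Host, company
database and credentials are placeholders read from the environment.
The analysis helpers are pure so they can be run offline on captured
session identifiers.
"""
import json
import math
import os
import urllib.error
import urllib.request
from collections import Counter
from http.cookiejar import CookieJar


def shannon_entropy_bits(token: str) -> float:
    """Empirical Shannon entropy of one token, in bits (per-character
    entropy times length). A rough guessability heuristic only: it
    cannot see structure shared across tokens, so use it together with
    the duplicate check below."""
    if not token:
        return 0.0
    n = len(token)
    per_char = -sum((c / n) * math.log2(c / n) for c in Counter(token).values())
    return per_char * n


def assess_session_ids(session_ids, min_bits: float = 64.0):
    """Findings for a batch of SessionId values issued by repeated logins:
    an id handed out twice means sessions are reused across logins, and a
    low-entropy id is cheap to guess (bringing the 'considerable time and
    effort' of the advisory within reach)."""
    findings = []
    for sid, count in Counter(session_ids).items():
        if count > 1:
            findings.append(f"session id reused across logins: {sid!r}")
    for sid in session_ids:
        bits = shannon_entropy_bits(sid)
        if bits < min_bits:
            findings.append(f"low-entropy session id ({bits:.0f} bits < {min_bits:.0f}): {sid!r}")
    return findings


def login(base_url: str, company_db: str, user: str, password: str):
    """POST /Login; returns an opener carrying the B1SESSION cookie and the SessionId."""
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))
    body = json.dumps({"CompanyDB": company_db, "UserName": user, "Password": password}).encode()
    req = urllib.request.Request(base_url + "/Login", data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with opener.open(req, timeout=15) as resp:
        return opener, json.load(resp)["SessionId"]


def logout(opener, base_url: str) -> None:
    """POST /Logout with the cookie held by `opener`."""
    req = urllib.request.Request(base_url + "/Logout", data=b"", method="POST")
    opener.open(req, timeout=15).close()


def session_is_accepted(opener, base_url: str) -> bool:
    """True if the cookie in `opener` still authenticates a cheap OData read."""
    try:
        opener.open(base_url + "/BusinessPartners?$top=1", timeout=15).close()
        return True
    except urllib.error.HTTPError as err:
        if err.code == 401:
            return False
        raise


def logout_invalidates_session(base_url, company_db, user, password) -> bool:
    """Log in, log out, then replay the old cookie: the server must reject it."""
    opener, _ = login(base_url, company_db, user, password)
    logout(opener, base_url)
    return not session_is_accepted(opener, base_url)


if __name__ == "__main__":
    # Placeholder connection details; set the environment variables for a real run.
    base = os.environ.get("B1_SL_URL", "https://b1-host.example:50000/b1s/v1")
    db, usr, pwd = (os.environ.get(k, "") for k in ("B1_COMPANYDB", "B1_USER", "B1_PASSWORD"))
    ids = []
    for _ in range(5):
        opener, sid = login(base, db, usr, pwd)
        ids.append(sid)
        logout(opener, base)
    print("session id findings:", assess_session_ids(ids) or "none")
    print("logout invalidates session:", logout_invalidates_session(base, db, usr, pwd))
```

Run it with a low-privilege test user against a non-production instance; a `False` from `logout_invalidates_session` or any finding from `assess_session_ids` means the session layer still needs attention regardless of patch level. Service Layer instances commonly run with self-signed certificates; if yours does, pin the certificate in an `ssl` context rather than disabling verification.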