CVE-2025-26661: Missing Authorization check in SAP NetWeaver (ABAP Class Builder)
First published: Tue Mar 11 2025(Updated: )
Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high impact on the integrity and availability of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-26661?
CVE-2025-26661 is classified as a high-severity vulnerability due to its potential for privilege escalation.
How can I fix CVE-2025-26661?
To fix CVE-2025-26661, apply the latest security patches and updates provided by SAP for NetWeaver.
What are the potential impacts of CVE-2025-26661?
Exploitation of CVE-2025-26661 could lead to unauthorized access and disclosure of sensitive information.
Who is affected by CVE-2025-26661?
CVE-2025-26661 affects users of SAP NetWeaver, specifically those utilizing the ABAP Class Builder component.
Is there a workaround for CVE-2025-26661?
Currently, the best approach for mitigating CVE-2025-26661 is to ensure the application of security patches rather than relying on workarounds.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/sap
- canonical/sap netweaver