CVE-2025-0063

Published Jan 14, 2025

Last updated a month ago

CVSS high 8.8

Overview

Description
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability.
Source
cna@sap.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cna@sap.com
CWE-89

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-0063: Hackers explotan vulnerabilidad crítica de SQL Injection en SAP NetWeaver ABAP 💻 ¡Actualiza ahora!” https://t.co/fIxAMSUxTs

    @tpx_Security

    17 Jan 2025

    134 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Security Bulletin: Multiple SAP NetWeaver Vulnerabilities - CVE-2025-0070; CVE-2025-0066; CVE-2025-0063; CVE-2025-0061 - Please update to the latest software versions as listed in the SAP Security Advisory #RedLeggCTI #ThreatIntel #SAP https://t.co/rVIAVTKdSj

    @RedLegg

    16 Jan 2025

    6 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. SAP NetWeaver AS for ABAPおよびABAP Platform(Informixデータベースインターフェース)におけるSQLインジェクション脆弱性 CVE-2025-0063 CVSS 8.8 Critical 攻撃者はSQLクエリを操作して、データの窃取、データベースの破壊、またはシステム全体を制御できます。 https://t.co/gdRxSPddax

    @t_nihonmatsu

    14 Jan 2025

    231 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨Alert🚨 CVE-2025-0063 : SQL Injection Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform 📊 3.2K+ Services are found on https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/LLCfY2LHUK 👇Query HUNTER :/product.name="SAP NetWeaver AS for ABAP"… https://t.co/mLkE1h

    @HunterMapping

    14 Jan 2025

    1901 Impressions

    3 Retweets

    14 Likes

    5 Bookmarks

    0 Replies

    2 Quotes

  5. SAP NetWeaver AS for ABAPおよびABAP Platform(Informixデータベースインターフェース)におけるSQLインジェクション脆弱性 CVE-2025-0063 CVSS 8.8 Critical 攻撃者はSQLクエリを操作して、不正なデータの抽出、データベースの破損、またはシステム全体の制御を取得できます。 https://t.co/HHHeQVJgJP

    @t_nihonmatsu

    14 Jan 2025

    109 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [CVE-2025-0063: HIGH] Vulnerability in SAP NetWeaver AS ABAP allows unauthorized access to RFC function modules, potentially compromising data integrity and confidentiality. #cybersecurity#cybersecurity,#vulnerability https://t.co/dbAcp6Prt3 https://t.co/94Md8n9TEu

    @CveFindCom

    14 Jan 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References