CVE-2025-23190

Published Feb 11, 2025

Last updated 12 days ago

CVSS medium 4.3

Overview

Description
Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system.
Source
cna@sap.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

cna@sap.com
CWE-862

Social media

Hype score
Not currently trending

  1. ๐Ÿšจ CVE-2025-23190 ๐ŸŸ  MEDIUM (4.3) ๐Ÿข SAP_SE - SAP NetWeaver and ABAP platform (ST-PI) ๐Ÿ—๏ธ ST-PI 2008_1_700 ๐Ÿ”— https://t.co/kTZMNN5xDf ๐Ÿ”— https://t.co/f5sXJgkGmG #CyberCron #VulnAlert https://t.co/ULfd6uwsmK

    @cybercronai

    12 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References