CVE-2025-0067
Description
Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization check in SAP NetWeaver AS Java allows standard users to create JCo connections, enabling low-impact attacks on confidentiality, integrity, and availability.
Vulnerability
Details
A missing authorization check on service endpoints in SAP NetWeaver Application Server Java allows an attacker with a standard user role to create JCo connection entries. JCo (Java Connector) is used for remote function calls (RFC) from or to the application server. This flaw stems from insufficient access control on the relevant service endpoints, enabling unauthorized creation of these connections.
Exploitation
An attacker must have a standard user role on the SAP system, which is a low-privilege account. No additional authentication is required beyond that role. The attack can be performed remotely over the network, likely through the application's web interface or RFC gateway. The attacker can create JCo connection entries that may be used to initiate or receive remote function calls.
Impact
Successful exploitation leads to low impact on confidentiality, integrity, and availability of the application. The attacker could potentially manipulate RFC connections to intercept or alter data, or disrupt communication between systems. The severity rating is low, reflecting the limited extent of these effects.
Mitigation
SAP has addressed this vulnerability through its regular Security Patch Day. Administrators should apply the relevant SAP Security Notes as soon as possible to protect their systems. [1] The vendor recommends implementing these corrections as a priority to prevent potential exploitation.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.