Medium severity4.9NVD Advisory· Published Mar 11, 2025· Updated Apr 15, 2026

CVE-2025-0071

Description

SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3558132nvd
url.sap/sapsecuritypatchdaynvd

News mentions

No linked articles in our index yet.

cvss	0.319
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000