CVE-2025-23190
Description
Missing authorization check in a remote-enabled function module allows authenticated attackers to access unauthorized data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization check in a remote-enabled function module allows authenticated attackers to access unauthorized data.
Vulnerability
Overview CVE-2025-23189 is a missing authorization check in a remote-enabled function module. The root cause is the failure to verify whether an authenticated user has the necessary permissions to invoke the function, leading to unauthorized data access.
Exploitation
An authenticated attacker can exploit this vulnerability by calling the remote-enabled function module without proper authorization. The attacker must have valid credentials but can access data beyond their intended scope. No special network position or additional privileges are required beyond authentication.
Impact
The impact is limited to unauthorized read access to data. The attacker cannot modify data or affect system availability, as stated in the CVE description [1]. The confidentiality impact is partial, with no integrity or availability impact.
Mitigation
SAP has released a security note as part of its regular Security Patch Day to address this vulnerability [1]. Users are advised to apply the latest patch or follow recommended workarounds provided by SAP.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.