High severity8.1NVD Advisory· Published Feb 11, 2025· Updated Apr 15, 2026

CVE-2025-24876

Description

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the application

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
@sap/approuternpm	>= 2.6.1, < 16.7.2	16.7.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-cpfx-964w-4jvpghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-24876ghsaADVISORY
me.sap.com/notes/3567974nvdWEB
support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.htmlghsaWEB
www.npmjs.com/package/@sap/approuternvdWEB
url.sap/sapsecuritypatchdaynvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000