CVE-2025-25244
Description
SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SAP Business Warehouse Process Chains missing authorization check allows attackers with display access to skip process steps, causing integrity impact on business reporting.
Vulnerability Overview
CVE-2025-25244 describes a missing authorization check in SAP Business Warehouse (Process Chains). An attacker who possesses display authorization for a process chain object can manipulate the execution of that chain by setting one or all processes to be skipped. This flaw stems from insufficient validation of user permissions when modifying process execution states.
Exploitation Prerequisites
To exploit this vulnerability, an attacker must have valid SAP credentials with at least display authorization for the target process chain object. No special network access is required beyond normal authenticated access to the SAP system. The attacker can then alter the process chain configuration to skip specific steps, such as data loading, activation, or deletion, without needing additional privileges.
Impact
Successful exploitation leads to integrity impact: the intended sequence of activities is not executed as modeled, which can result in unexpected or incomplete business reporting. The CVSS v3 base score is 5.7 (Medium), reflecting significant integrity impact but no impact on confidentiality or availability.
Mitigation
SAP has addressed this issue in its monthly Security Patch Day [1]. Organizations running affected versions of SAP Business Warehouse should apply the corresponding SAP Security Note as soon as possible. No workarounds have been published; patching is the recommended course of action.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.