VYPR
Medium severity 4.3 · NVD Advisory · Published Jul 8, 2025 · Updated Apr 15, 2026

CVE-2025-42974


Description

Due to a missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted, resulting in low impact on confidentiality. There is no impact on integrity or availability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization check in SAP remote-enabled function module allows non-admin users to access restricted information, with low confidentiality impact.

The vulnerability arises from a missing authorization check in a remote-enabled function module within an SAP system. This flaw allows an authenticated user without administrative privileges to invoke the function module, bypassing intended access controls.

An attacker who is authenticated as a non-administrative user can exploit this by calling the vulnerable remote-enabled function module remotely. No special network position or additional privileges are required beyond standard user authentication.

The exploitation results in unauthorized access to information that is normally restricted, leading to a low impact on confidentiality. There is no impact on integrity or availability as per the advisory.

SAP has addressed this issue in its Security Patch Day releases [1]. Organizations should apply the relevant security notes to remediate the vulnerability.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

2
