VYPR
Unrated severityNVD Advisory· Published Jul 8, 2025· Updated Jul 8, 2025

Missing Authorization check in SAP NetWeaver and ABAP Platform

CVE-2025-42986

Description

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.