CVE-2025-0063 · HIGH 8.8 · EPSS p49.2%

Description

SAP NetWeaver AS ABAP and ABAP Platform do not check for authorization when a user executes some RFC function modules. This could allow an attacker with basic user privileges to gain control over the data in the Informix database, leading to complete compromise of confidentiality, integrity and availability.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.72% probability of exploitation · percentile 49.2% · 2026-06-19T12:03:05Z
Published: 2025-01-14
Last modified: 2025-10-24

Underlying weaknesses · 1

CWE-89

References

  1. https://me.sap.com/notes/3550816
  2. https://url.sap/sapsecuritypatchday

Type: Weakness
Target: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-0066
  2. CVE-2026-24310
  3. CVE-2026-0509
  4. CVE-2026-0506
  5. CVE-2026-24309
  6. CVE-2025-0070
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.