CVE-2025-24876HIGH 8.1EPSS p37.3%

CVE-2025-24876CVE-2025-24876

Description

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the application

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS0.47% probability of exploitation · percentile 37.3% · 2026-06-19T12:03:05Z
Published2025-02-11
Last modified2026-04-15

Underlying weaknesses· 2

CWE-302CWE-1287

References

  1. https://me.sap.com/notes/3567974
  2. https://url.sap/sapsecuritypatchday
  3. https://www.npmjs.com/package/@sap/approuter?activeTab=versions

2

TypeTargetConfidenceTier
WeaknessImproper Validation of Specified Type of Inputcwe-12870%live
WeaknessAuthentication Bypass by Assumed-Immutable Datacwe-3020%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-27674
CVE
CVE-2025-0070
CVE
CVE-2025-0066
CVE
SAP Multiple Products HTTP Request Smuggling Vulnerability
CVE
CVE-2026-34257
CVE
CVE-2025-26661
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.