CVE-2025-26661HIGH 8.8EPSS p31.5%

CVE-2025-26661CVE-2025-26661

Description

Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high impact on the integrity and availability of the application.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.40% probability of exploitation · percentile 31.5% · 2026-06-18T12:00:27Z
Published2025-03-11
Last modified2026-04-15

Underlying weaknesses· 1

CWE-862

References

  1. https://me.sap.com/notes/3563927
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-42953
CVE
CVE-2025-0070
CVE
CVE-2026-27681
CVE
CVE-2026-24310
CVE
CVE-2025-0066
CVE
CVE-2026-44751
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.