Multiple SAP Products Vulnerabilities
January 15, 2025
Severity
High
Analysis Summary
CVE-2025-0066 CVSS: 9.9
Under certain conditions, SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information because of weak access controls. Exploitation can have a significant impact on the confidentiality, integrity, and availability of the application.
CVE-2025-0063 CVSS: 8.8
SAP NetWeaver AS ABAP and ABAP Platform does not perform an authorization check when a user executes certain RFC function modules. An attacker with only basic user privileges could therefore gain control over the data in the Informix database, leading to a complete compromise of confidentiality, integrity, and availability.
CVE-2025-0070 CVSS: 9.9
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation and a high impact on confidentiality, integrity, and availability.
CVE-2025-0069 CVSS: 7.8
A DLL injection vulnerability in SAPSetup allows an attacker with local user privileges, or with access to a compromised corporate user's Windows account, to gain higher privileges. From there, the attacker could move laterally within the network and further compromise the company's Active Directory. This has a high impact on the confidentiality, integrity, and availability of the Windows server.
Impact
- Information Disclosure
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
CVE-2025-0066
CVE-2025-0063
CVE-2025-0070
CVE-2025-0069
Affected Vendors
- SAP_SE
Affected Products
- SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework): SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912, 913, 914
- SAP NetWeaver AS ABAP and ABAP Platform: SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758
- SAP NetWeaver Application Server for ABAP and ABAP Platform: KRNL64NUC 7.22; KRNL64UC 7.22, 7.53, 8.04; KERNEL 7.22, 7.54, 7.77, 7.89, 7.93, 7.97, 9.12, 9.13, 9.14
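The following triage helper is an added example and is not part of this advisory or of any SAP tooling. It transcribes the releases from the Affected Products list above and reports which of the listed CVEs are in scope for a system, given its installed software component releases. Two assumptions are built in: each product entry is mapped to a CVE by matching its wording to the Analysis Summary (the advisory does not state this mapping explicitly), and the sample component list is constructed to resemble an exported component/release table, not real system data. CVE-2025-0069 (SAPSetup) is not covered because the advisory lists no affected version for it.

```python
"""Added triage helper: flag which advisory CVEs apply to a system's
installed SAP component releases. Not part of the advisory or of SAP."""
from __future__ import annotations

# Releases transcribed from the advisory's Affected Products list.
_BASIS_700_758 = {"700", "701", "702", "731", "740", "750", "751", "752",
                  "753", "754", "755", "756", "757", "758"}

# Product entry -> CVE mapping is inferred from matching product names in the
# Analysis Summary (assumption; the advisory does not state it explicitly).
AFFECTED: dict[str, dict[str, set[str]]] = {
    # "SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)"
    "CVE-2025-0066": {"SAP_BASIS": _BASIS_700_758 | {"912", "913", "914"}},
    # "SAP NetWeaver AS ABAP and ABAP Platform"
    "CVE-2025-0063": {"SAP_BASIS": set(_BASIS_700_758)},
    # "SAP NetWeaver Application Server for ABAP and ABAP Platform" (kernel)
    "CVE-2025-0070": {
        "KRNL64NUC": {"7.22"},
        "KRNL64UC": {"7.22", "7.53", "8.04"},
        "KERNEL": {"7.22", "7.54", "7.77", "7.89", "7.93", "7.97",
                   "9.12", "9.13", "9.14"},
    },
}

_KERNEL_COMPONENTS = ("KERNEL", "KRNL64UC", "KRNL64NUC")


def parse_component_list(text: str) -> dict[str, str]:
    """Parse 'COMPONENT RELEASE [SP-LEVEL ...]' lines into {component: release}.

    Blank lines and '#' comments are ignored. Three-digit kernel releases
    such as '793' are normalised to the advisory's '7.93' form so the two
    compare equal.
    """
    installed: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 2:
            raise ValueError(f"cannot parse component line: {raw!r}")
        component, release = parts[0].upper(), parts[1]
        if component in _KERNEL_COMPONENTS and release.isdigit() and len(release) == 3:
            release = f"{release[0]}.{release[1:]}"  # '793' -> '7.93'
        installed[component] = release
    return installed


def cves_in_scope(installed: dict[str, str]) -> dict[str, list[str]]:
    """Return {cve: ['COMPONENT RELEASE', ...]} for each advisory entry whose
    affected set contains an installed component release.

    A match means the release is within the advisory's scope, not that the
    system is unpatched: SAP delivers fixes as Support Packages and kernel
    patches, so confirm the relevant SAP Note is implemented before closing
    or escalating the finding.
    """
    hits: dict[str, list[str]] = {}
    for cve, components in AFFECTED.items():
        matched = [f"{comp} {rel}" for comp, rel in installed.items()
                   if rel in components.get(comp, set())]
        if matched:
            hits[cve] = matched
    return hits


# Constructed sample input (not real system data): an ABAP stack on
# SAP_BASIS 757 with a 7.93 kernel, plus components the advisory does not list.
SAMPLE_COMPONENTS = """\
# Component  Release  SP-Level
SAP_BASIS    757      0012
SAP_ABA      75H      0012
SAP_GWFND    757      0012
KERNEL       793      400
"""

if __name__ == "__main__":
    report = cves_in_scope(parse_component_list(SAMPLE_COMPONENTS))
    for cve, matches in report.items():
        print(f"{cve}: in scope via {', '.join(matches)}; verify the SAP Note is applied")
```

Feed it the component/release table exported from the target system; every CVE it reports needs a follow-up check of the SAP Note implementation status, since the release alone does not distinguish a patched system from an unpatched one.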
Remediation
SAP customers should apply the SAP Security Notes covering these CVEs; patch information is available from the SAP Support Portal (login required). Because fixes ship as Support Packages and kernel patches, confirm the note implementation status on each system rather than relying on the installed release alone.