216.73.216.133

CVE-2025-23186

· Published 08/04/2025 08:15 · Modified 08/04/2025 18:13

Labels: CVE-2025-23186 2025-04-08CVE-2025-23186CWE-94[email protected]

Essential information

Published
08/04/2025 08:15
Modified
08/04/2025 18:13
Author
Creator
CVSS
8.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References