CVE-2025-31329
Essential information
- Published
- 13/05/2025 01:15
- Modified
- 13/05/2025 01:15
- Author
- —
- Creator
- —
- CVSS
- 6.2 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- HIGH
- User interaction
- REQUIRED
- Scope
- CHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- NONE
- Availability impact
- NONE
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| sap / sap netweaver | cpe:2.3:a:sap:sap_netweaver:*:*:*:*:*:*:*:* |