CVE-2025-0053

{"id": "CVE-2025-0053", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-01-14T01:15:15.403", "references": [{"url": "https://me.sap.com/notes/3536461", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Patch"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits."}, {"lang": "es", "value": " SAP NetWeaver Application Server para ABAP y la plataforma ABAP permite a un atacante obtener acceso no autorizado a la informaci\u00f3n del sistema. Al utilizar un par\u00e1metro de URL espec\u00edfico, un atacante no autenticado podr\u00eda recuperar detalles como la configuraci\u00f3n del sistema. Esto tiene un impacto limitado en la confidencialidad de la aplicaci\u00f3n y puede aprovecharse para facilitar otros ataques o exploits."}], "lastModified": "2025-10-24T19:24:55.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85616273-040E-49CB-8EB6-D2D4D7B603E5"}, {"criteria": "cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5F2C3A9-DCC0-4FF1-8E68-9EA150E209F6"}, {"criteria": "cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F774A45-2A9F-4873-A5DC-766D030C8CCD"}, {"criteria": "cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3A0A2D6-9259-4A35-A236-F4BEE986C1FD"}, {"criteria": "cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C3A8E5-FA6A-4EF3-BF50-FD4E1576024F"}, {"criteria": "cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABA8AB4E-3FE6-46A8-847E-660C5DF6CE71"}, {"criteria": "cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DA4A6F0-C0F1-42CB-8BBD-7198064733EA"}, {"criteria": "cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C121CC9-26F6-4103-8EB0-BAFF6B5B5FE8"}, {"criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153"}, {"criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB"}, {"criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D"}, {"criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC"}, {"criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}