What is CVE-2025-24876?

CVE-2025-24876 is a high-severity vulnerability in Sap_se Sap Approuter Node.js Package, classified under CWE-1287. CVSS score: 8.1/10. Published 2025-02-11.

How severe is CVE-2025-24876?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Sap_se Sap Approuter Node.js Package

CVE-2025-24876

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on c…

EPSS: 0.002 (36.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N.

Affected products

Sap_se Sap Approuter Node.js Package — versions 2.6.1 to 16.7.1

Weakness classification (CWE)

CWE-1287
CWE-302 — Authentication Bypass by Assumed-Immutable Data

References

me.sap.com/notes/3567974
www.npmjs.com/package/@sap/approuter
url.sap/sapsecuritypatchday

Frequently asked questions

What is CVE-2025-24876?: CVE-2025-24876 is a high-severity vulnerability in Sap_se Sap Approuter Node.js Package, classified under CWE-1287. CVSS score: 8.1/10. Published 2025-02-11.
How severe is CVE-2025-24876?: High severity. CVSS v3 base score is 8.1 out of 10.