Vulnerability in SAP SE SAP Business One (Service Layer)

CVE-2025-26658

The Service Layer in SAP Business One allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to improper session management, attackers can eleva…

EPSS: 0.003 (19.4th percentile).

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Frequently asked questions

What is CVE-2025-26658?
CVE-2025-26658 is a medium-severity vulnerability in SAP SE SAP Business One (Service Layer), classified under Session Fixation. CVSS score: 6.8/10. Published 2025-03-11.

How severe is CVE-2025-26658?
Medium severity. CVSS v3 base score is 6.8 out of 10.