Auth bypass in Sap_se Sap Netweaver (Abap Class Builder)
CVE-2025-26661
Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosur…
Vulnerability class: Broken Access Control
EPSS: 0.004 (31.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Sap_se Sap Netweaver (Abap Class Builder) — versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-26661?
- CVE-2025-26661 is a high-severity vulnerability in Sap_se Sap Netweaver (Abap Class Builder), classified under Missing Authorization. CVSS score: 8.8/10. Published 2025-03-11.
- How severe is CVE-2025-26661?
- High severity. CVSS v3 base score is 8.8 out of 10.