Auth bypass in SAP SE SAP NetWeaver (ABAP Class Builder)

CVE-2025-26661

Due to a missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosur…

Vulnerability class: Broken Access Control

EPSS: 0.004 (31.6th percentile)

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2025-26661?

CVE-2025-26661 is a high-severity vulnerability in SAP SE SAP NetWeaver (ABAP Class Builder), classified under Missing Authorization. CVSS score: 8.8/10. Published 2025-03-11.

How severe is CVE-2025-26661?

High severity. CVSS v3 base score is 8.8 out of 10.