CVE-2025-0067

Common Vulnerabilities and Exposures

Last Post by Rinki Singh 1 month ago

1 Posts

1 Users

0 Reactions

119 Views

RSS

Rinki Singh

(@rinki)

Posts: 113

Trusted Member

Topic starter

Description

Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application.

References

https://me.sap.com/notes/3540108

https://url.sap/sapsecuritypatchday

https://nvd.nist.gov/vuln/detail/CVE-2025-0067

Posted : 09/02/2026 5:09 pm

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed