CVE-2025-0058

MEDIUM EPSS 24.1%

Published Jan 14, 20251y ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Jan 14, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

24.1% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-639

Affected Products 9

Vendor	Product	Version	Range
sap	sap_basis	753	any
sap	sap_basis	754	any
sap	sap_basis	755	any
sap	sap_basis	756	any
sap	sap_basis	757	any
sap	sap_basis	758	any
sap	sap_basis	912	any
sap	sap_basis	913	any
sap	sap_basis	914	any

References 2

me.sap.com https://me.sap.com/notes/3542698

Permissions Required
url.sap https://url.sap/sapsecuritypatchday

Patch

Remediation

url.sap https://url.sap/sapsecuritypatchday

Patch