CVE-2025-0063 SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

🗓️ 14 Jan 2025 00:09:28Reported by sapType

SQL Injection vulnerability in SAP NetWeaver allows unauthorized access to Informix database data.

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of the software used for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the lack of measures taken to protect the SQL query structure. This allows attackers to execute arbitrary code.	27 Jan 202500:00	–	bdu_fstec
Circl	CVE-2025-0063	14 Jan 202501:18	–	circl
CNNVD	SAP NetWeaver AS SQL注入漏洞	13 Jan 202500:00	–	cnnvd
CNVD	SAP NetWeaver AS SQL Injection Vulnerability (CNVD-2025-07612)	21 Mar 202500:00	–	cnvd
CVE	CVE-2025-0063	14 Jan 202500:09	–	cve
EUVD	EUVD-2025-1492	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	14 Jan 202511:50	–	ncsc
NVD	CVE-2025-0063	14 Jan 202501:15	–	nvd
Positive Technologies	PT-2024-10299 · Sap +1 · Sap Netweaver As Abap +2	12 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2025-0063	6 Feb 202502:15	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver AS ABAP and ABAP Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 701"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 702"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 731"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 740"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 750"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 751"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 752"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 753"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 754"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3550816

14 Jan 2025 00:09Current

CVSS 3.18.8

EPSS0.0025

CWE-89