CVE-2025-27437 Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)

🗓️ 08 Apr 2025 07:13:58Reported by sapType

Missing Authorization Check in SAP NetWeaver ABAP allows unauthorized access to non-sensitive data.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-27437	8 Apr 202507:46	–	circl
CNNVD	SAP NetWeaver Server ABAP 安全漏洞	8 Apr 202500:00	–	cnnvd
CNVD	SAP NetWeaver Server ABAP Authorization Issues Vulnerability	18 Apr 202500:00	–	cnvd
CVE	CVE-2025-27437	8 Apr 202507:13	–	cve
EUVD	EUVD-2025-10101	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	30 Apr 202513:12	–	ncsc
NVD	CVE-2025-27437	8 Apr 202508:15	–	nvd
RedhatCVE	CVE-2025-27437	10 Apr 202508:24	–	redhatcve
Tenable Nessus	SAP NetWeaver AS ABAP Access Control (3568778)	11 Apr 202500:00	–	nessus
Vulnrichment	CVE-2025-27437 Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)	8 Apr 202507:13	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver Application Server ABAP (Virus Scan Interface)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 701"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 702"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 731"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 740"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 750"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 751"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 752"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 753"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 754"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3568778

08 Apr 2025 07:13Current

CVSS 3.14.3

EPSS0.00168

CWE-862