CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP

🗓️ 09 Dec 2025 02:15:18Reported by sapType

Missing authorization check in SAP Enterprise Search for ABAP allows users with high privileges to export data

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-42891	9 Dec 202508:08	–	circl
CNNVD	SAP Application Server for ABAP 安全漏洞	9 Dec 202500:00	–	cnnvd
CVE	CVE-2025-42891	9 Dec 202502:15	–	cve
EUVD	EUVD-2025-201847	9 Dec 202518:30	–	euvd
NCSC	Vulnerabilities fixed in SAP Software	12 Dec 202509:29	–	ncsc
NVD	CVE-2025-42891	9 Dec 202516:17	–	nvd
Positive Technologies	PT-2025-49770	9 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42891	10 Dec 202502:32	–	redhatcve
Vulnrichment	CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP	9 Dec 202502:15	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Enterprise Search for ABAP",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 752"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 753"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 754"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 816"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3659117

09 Dec 2025 02:15Current

CVSS 3.15.5

EPSS0.00035

CWE-862