
Defense Digests

Critical SAP NetWeaver Vulnerability Let Attackers Bypass Authorization Checks


Vulnerability Number: CVE-2025-42989

Severity Level: 9.6 (Critical)

Executive Summary

CVE-2025-42989, rated CVSS 9.6, is a serious privilege escalation vulnerability in SAP NetWeaver Application Server for ABAP (versions 7.89, 7.93, 9.14, 9.15). It stems from inadequate authorization checks during RFC inbound processing. An authenticated attacker with minimal privileges can exploit this flaw to gain elevated rights, potentially compromising system integrity and availability.

Details

The vulnerability lies in Remote Function Call (RFC) inbound processing, which fails to verify S_RFC authorizations properly. Because RFC is fundamental to inter-system communication in SAP landscapes, this flaw could disrupt a wide range of business-critical processes. SAP issued Security Note #3600840 with specific configuration guidance, and FAQ Note #3601919 helps administrators identify impacted users and adjust roles accordingly.

Impact

  • Privilege Escalation for low-privileged users
  • Execution of sensitive function modules without appropriate checks
  • Potential compromise of system integrity, confidentiality, and availability
  • Risk of supply chain disruption due to reliance on RFC in SAP integrations

Mitigation Strategies

  • Apply SAP Security Note #3600840 immediately
  • Follow guidance in SAP FAQ Note #3601919
  • Review and assign S_RFC permissions to appropriate users
  • Set rfc/authCheckInPlaybook to 1 post-patching
  • Conduct regression testing to ensure no business process disruptions due to new auth behavior
  • General Hardening:
    • Follow SAP’s Patch Day advisories and best practices.
    • Monitor RFC usage logs.
    • Restrict RFC endpoint access to trusted systems.
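The following is an added example, not code from this digest or from SAP. It models the S_RFC authorization check that inbound RFC processing should perform (the check described under Details), runs it over constructed inbound-RFC log lines, and reports which existing calls would start failing once the check is enforced, which is the review that the S_RFC permission, profile parameter and regression-testing bullets above call for. The log format, user names, Z* function modules and groups, and role assignments are constructed; the S_RFC field names (RFC_TYPE, RFC_NAME, ACTVT) and ACTVT 16 = Execute follow SAP's standard object, and treating `*` as a glob wildcard is a simplification of SAP's authorization-value matching.

```python
# Added example (not from the Dataprise digest or SAP). Simulates the S_RFC
# check on inbound RFC calls and finds calls that would be rejected once
# the check is enforced, so roles can be corrected before go-live.
import csv
import io
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class SRfcAuth:
    rfc_type: str  # "FUGR" = function group, "FUNC" = function module
    rfc_name: str  # exact name or pattern such as "BAPI_USER_*" (glob, simplified)
    actvt: str     # "16" = Execute


def s_rfc_check(auths, function_module, function_group):
    """Return True if any S_RFC authorization grants Execute on this call."""
    for a in auths:
        if a.actvt not in ("16", "*"):
            continue
        if a.rfc_type == "FUGR":
            target = function_group
        elif a.rfc_type == "FUNC":
            target = function_module
        else:
            continue
        if fnmatchcase(target, a.rfc_name):
            return True
    return False


# Constructed inbound-RFC log: timestamp, calling user, function module, function group.
INBOUND_RFC_LOG = """\
2025-06-10T08:00:01Z,BATCH_RFC,RFC_READ_TABLE,SDTX
2025-06-10T08:00:05Z,INTEGRATION,BAPI_USER_CHANGE,SU_USER
2025-06-10T08:00:09Z,LOWPRIV,RFC_PING,SRFC
2025-06-10T08:00:12Z,LOWPRIV,ZFM_APPROVE_PAYMENT,ZFI_PAY
2025-06-10T08:00:15Z,LOWPRIV,ZFM_APPROVE_PAYMENT,ZFI_PAY
2025-06-10T08:00:20Z,NOROLE,RFC_PING,SRFC
"""

# Constructed S_RFC values currently assigned to each user through roles.
USER_AUTHS = {
    "BATCH_RFC": [SRfcAuth("FUGR", "SDTX", "16"), SRfcAuth("FUGR", "SRFC", "16")],
    "INTEGRATION": [SRfcAuth("FUNC", "BAPI_USER_*", "16")],
    "LOWPRIV": [SRfcAuth("FUGR", "SRFC", "16")],
    # NOROLE has no S_RFC authorization at all.
}


def find_failing_calls(log_text, user_auths):
    """Sorted unique (user, function_module, function_group) triples that
    would be rejected once S_RFC is enforced on inbound RFC."""
    failing = set()
    for _ts, user, fm, fugr in csv.reader(io.StringIO(log_text)):
        if not s_rfc_check(user_auths.get(user, []), fm, fugr):
            failing.add((user, fm, fugr))
    return sorted(failing)


def required_s_rfc_values(failing):
    """Group failures per user as the FUGR values a role would need;
    a reviewer then decides which of these are legitimate."""
    needed = {}
    for user, _fm, fugr in failing:
        needed.setdefault(user, set()).add(fugr)
    return needed


def profile_param_is_set(profile_text, name="rfc/authCheckInPlaybook", expected="1"):
    """Check profile text ('param = value' lines, '#' comments) for the
    post-patch setting recommended above; the last occurrence wins."""
    value = None
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            if key == name:
                value = val
    return value == expected


if __name__ == "__main__":
    failing = find_failing_calls(INBOUND_RFC_LOG, USER_AUTHS)
    for user, fm, fugr in failing:
        print(f"would be rejected: user={user} fm={fm} fugr={fugr}")
    for user, groups in required_s_rfc_values(failing).items():
        print(f"{user}: review S_RFC RFC_TYPE=FUGR RFC_NAME in {sorted(groups)}")
    print("rfc/authCheckInPlaybook = 1:",
          profile_param_is_set("rfc/authCheckInPlaybook = 1\n"))
```

Run against a real export of inbound RFC activity and the S_RFC values from the affected users' roles, the two failing entries in the constructed data illustrate the two outcomes a reviewer must separate: an integration user that legitimately needs a new S_RFC value before the patch is enforced, and a low-privileged user whose calls to a sensitive function module should simply stop working.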

Sources

Contributing Authors

  • Nima Khamooshi – Vice President, Cybersecurity Services
  • Craig Taylor – Director SOC
  • Ismael Belem – Cybersecurity Analyst II
