CVE-2025-0063
Published: 14 January 2025
Summary
CVE-2025-0063 is a high-severity SQL Injection (CWE-89) vulnerability in SAP SAP_BASIS (SAP NetWeaver AS ABAP and ABAP Platform). Its CVSS base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 39.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly mandates enforcement of approved authorizations for logical access to RFC function modules and the underlying Informix database, addressing the core failure in authorization checks.
- SI-2 (Flaw Remediation): requires timely remediation of the specific flaw by applying the SAP patches in Note 3550816, which implement the missing authorization checks.
- AC-6 (Least Privilege): limits basic user accounts to only the access they need, reducing the attack surface and the potential impact of exploiting RFC authorizations that are not enforced.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Missing authorization checks on RFC function modules in exposed SAP NetWeaver systems allow a remote attacker holding a valid low-privilege account to gain unauthorized access to, and control over, the database. This maps to T1190 (Exploit Public-Facing Application), T1068 (Exploitation for Privilege Escalation) and T1078 (Valid Accounts).
NVD Description
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability.
Deeper analysis
CVE-2025-0063 is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) in SAP NetWeaver AS ABAP and ABAP Platform, published on 2025-01-14. It stems from a failure to perform authorization checks when users execute certain RFC function modules (classified as CWE-89), which enables unauthorized access to and control over data in the underlying Informix database and can result in full compromise of confidentiality, integrity, and availability.
The vulnerability can be exploited by an attacker possessing basic user privileges over the network with low attack complexity and no user interaction required. Successful exploitation grants the attacker complete control over Informix database data, allowing arbitrary read, modification, or deletion operations that undermine the system's core security properties.
Mitigation guidance is provided in SAP Note 3550816 and on the SAP Security Patch Day page at the referenced URLs, which detail patches and remediation steps for affected systems.
Details
- CWE(s)