Cyber Resilience

CVE-2025-0063

Severity: High
Published: 14 January 2025
Modified: 24 October 2025
KEV Added: not listed
Patch: available (SAP Note 3550816)
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0025 (48.7th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-0063 is a high-severity SQL Injection (CWE-89) vulnerability in SAP Basis (vendor: SAP). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.7th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0063 is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) in SAP NetWeaver AS ABAP and ABAP Platform, published on 2025-01-14. It stems from a failure to perform authorization checks when users execute certain RFC function modules (CWE-89), enabling unauthorized access and control over data in the underlying Informix database, which can result in full compromise of confidentiality, integrity, and availability.

The vulnerability can be exploited by an attacker possessing basic user privileges over the network with low attack complexity and no user interaction required. Successful exploitation grants the attacker complete control over Informix database data, allowing arbitrary read, modification, or deletion operations that undermine the system's core security properties.

Mitigation guidance is provided in SAP Note 3550816 and on the SAP Security Patch Day page at the referenced URLs, which detail patches and remediation steps for affected systems.

Vulnerability details

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could allow an attacker with basic user privileges to gain control over the data in the Informix database, leading to complete compromise of confidentiality, integrity and availability.

CWE(s)

CWE-89 (SQL Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
- T1078 Valid Accounts (Stealth): Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Missing authorization checks on RFC function modules in an exposed SAP NetWeaver system allow a remote attacker holding a low-privileged valid account to gain unauthorized access to, and control over, the database. This maps to T1190 (exploiting the public-facing application), T1068 (escalating from basic user privileges to control of database data) and T1078 (abuse of valid accounts).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-0066 (same product: SAP Basis)
- CVE-2026-23687 (same product: SAP Basis)
- CVE-2025-23193 (same product: SAP Basis)
- CVE-2026-0506 (same vendor: SAP)
- CVE-2026-0488 (same vendor: SAP)
- CVE-2026-24322 (same vendor: SAP)
- CVE-2026-0492 (same vendor: SAP)
- CVE-2026-0508 (same vendor: SAP)
- CVE-2026-0509 (same vendor: SAP)
- CVE-2025-0064 (same vendor: SAP)

Affected Assets

Vendor: SAP
Product: SAP Basis
Versions: 700, 701, 702, 731, 740

Mitigating Controls (NIST 800-53 r5)

- AC-3 Access Enforcement (prevent): Directly mandates enforcement of approved authorizations for logical access to RFC function modules and the underlying Informix database, addressing the core failure in authorization checks.
- SI-2 Flaw Remediation (prevent): Requires timely remediation of the specific flaw through application of the SAP patches in Note 3550816, which implement the missing authorization checks.
- Least privilege for basic user accounts (prevent): Limits the privileges of basic user accounts to only the access they need, reducing the attack surface and the potential impact of exploiting unenforced RFC authorizations.