Cyber Posture

CVE-2025-0070

Critical

Published: 14 January 2025

Published
14 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0016 36.3th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0070 is a critical-severity Improper Authentication (CWE-287) vulnerability in Sap (inferred from references). Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 36.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-11 Re-authentication good match
prevent

Requires re-authentication prior to privilege escalation, directly countering improper authentication checks that enable authenticated attackers to gain illegitimate high-level access.

AC-6 Least Privilege good match
prevent

Enforces least privilege principle to restrict escalated access to only necessary permissions, mitigating the high-impact privilege escalation from improper authentication.

AC-3 Access Enforcement good match
prevent

Mandates enforcement of approved access authorizations, preventing illegitimate system access resulting from flawed authentication checks in SAP NetWeaver.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Direct mapping from improper authentication leading to authenticated privilege escalation on a network-accessible service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This…

more

results in a high impact on confidentiality, integrity, and availability.

Deeper analysisAI

CVE-2025-0070 is a vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform that stems from improper authentication checks, classified under CWE-287. Published on 2025-01-14, it enables an authenticated attacker to obtain illegitimate access to the system, resulting in privilege escalation. The issue carries a critical CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting high impacts on confidentiality, integrity, and availability.

The vulnerability can be exploited by an attacker with low privileges over the network, requiring low complexity and no user interaction. Upon successful exploitation, the attacker achieves a scope change, gaining high-level access that compromises confidentiality, integrity, and availability, potentially leading to full system control and broader security concerns.

SAP provides mitigation details in its advisories, including SAP Note 3537476 at https://me.sap.com/notes/3537476 and information on SAP Security Patch Day at https://url.sap/sapsecuritypatchday.

Details

CWE(s)
CWE-287

Affected Products

Sap
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-64423Shared CWE-287
CVE-2026-27939Shared CWE-287
CVE-2025-54918Shared CWE-287
CVE-2026-26128Shared CWE-287
CVE-2026-24294Shared CWE-287
CVE-2026-34990Shared CWE-287
CVE-2026-26119Shared CWE-287
CVE-2025-53778Shared CWE-287
CVE-2024-57490Shared CWE-287
CVE-2025-67158Shared CWE-287

References