CVE-2025-23193
Published: 11 February 2025
Summary
CVE-2025-23193 is a medium-severity Observable Response Discrepancy (CWE-204) vulnerability in SAP's SAP Basis. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Account Discovery (T1087). Its exploit-likelihood ranking is at the 33.0th percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-11 requires error messages to avoid revealing exploitable information, such as whether a given user exists, which directly addresses the observable response discrepancy in CVE-2025-23193.
SI-2 mandates timely flaw remediation, such as applying the SAP patches for this specific information disclosure vulnerability.
AU-13 enables monitoring for events that signal information disclosure, such as anomalous bursts of requests probing for valid usernames via CVE-2025-23193.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote enumeration of valid usernames via response discrepancies (T1087 Account Discovery), which in turn facilitates credential guessing and brute force (T1110.001 Password Guessing).
NVD Description
SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data modification and has no impact on server availability.
Deeper analysis
CVE-2025-23193 is an information disclosure vulnerability in SAP NetWeaver Server ABAP. It allows an unauthenticated attacker to exploit differences in server responses based on the existence of a specified user, potentially revealing sensitive information about valid usernames. The issue is classified under CWE-204 (Observable Response Discrepancy) and carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with low confidentiality impact and no effects on integrity or availability.
An unauthenticated attacker with network access to SAP NetWeaver Server ABAP can exploit this vulnerability remotely, with low attack complexity and no user interaction required. By sending requests that name particular users, the attacker can distinguish valid from invalid accounts through observable differences in the server's responses, which aids follow-on attacks such as credential guessing, but does not enable data modification or service disruption.
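The following is an added illustration of the CWE-204 pattern and the SI-11 remedy in a generic form; it is not SAP code and says nothing about how NetWeaver itself behaves. It assumes a hypothetical login handler backed by a constructed in-memory user store: the leaky variant returns a different status and message for an unknown user than for a wrong password, while the hardened variant returns the same status, body and amount of work in both cases. The `distinguishable` helper is the check a reviewer would run to confirm that an existing and a nonexistent user can no longer be told apart from the response.

```python
"""Added example (not from the CVE record or SAP): observable response discrepancy
on a user lookup, and the uniform-response fix that NIST SI-11 calls for."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed user store (values are made up). Real systems use per-user salts;
# a single salt is used here only to keep the illustration short.
_SALT = b"constructed-salt"


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


USERS = {
    "alice": _hash("correct horse", _SALT),
    "bob": _hash("battery staple", _SALT),
}
# Dummy hash compared against for unknown users so that the work done (and thus the
# timing) does not depend on whether the username exists.
_DUMMY_HASH = _hash(secrets.token_hex(16), _SALT)


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def login_leaky(username: str, password: str) -> Response:
    """Vulnerable pattern (CWE-204): status and message reveal whether the user exists."""
    if username not in USERS:
        return Response(404, "user does not exist")
    if hmac.compare_digest(USERS[username], _hash(password, _SALT)):
        return Response(200, "ok")
    return Response(401, "wrong password")


def login_uniform(username: str, password: str) -> Response:
    """Hardened pattern (SI-11): unknown user and wrong password are indistinguishable."""
    stored = USERS.get(username, _DUMMY_HASH)
    # Always perform the hash and comparison, even for unknown users.
    matches = hmac.compare_digest(stored, _hash(password, _SALT))
    if matches and username in USERS:
        return Response(200, "ok")
    return Response(401, "invalid credentials")


def distinguishable(handler, existing_user: str, missing_user: str) -> bool:
    """Return True if the handler's response differs between an existing and a
    nonexistent user when the supplied password is wrong for both."""
    wrong = "definitely-not-the-password"
    return handler(existing_user, wrong) != handler(missing_user, wrong)


if __name__ == "__main__":
    for name, handler in (("leaky", login_leaky), ("uniform", login_uniform)):
        print(name, "reveals user existence:", distinguishable(handler, "alice", "nobody"))
```

The check only covers the status line and body. A complete review of a real endpoint would also compare headers, content length and response time, since any of those can carry the same discrepancy.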
SAP advisories provide mitigation details, including the security note at https://me.sap.com/notes/3561264 and the patches released as part of SAP Security Patch Day at https://url.sap/sapsecuritypatchday. Security practitioners should apply these updates to affected systems promptly.
Details
- CWE(s)