CVE-2025-24872

4.3 MEDIUM

📋 TL;DR

This vulnerability in the ABAP Build Framework of SAP ABAP Platform allows an authenticated attacker to access a specific transaction without proper authorization. By invoking the add-on build functionality, the attacker can view details of that transaction, compromising confidentiality. Exploitation requires an authenticated user on the SAP ABAP Platform; unauthenticated access is not affected.

💻 Affected Systems

Products:
  • SAP ABAP Platform
Versions: Specific versions not specified in CVE; check SAP Note 3553753 for details
Operating Systems: All platforms running SAP ABAP Platform
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the ABAP Build Framework; impact limited to confidentiality with no effect on integrity or availability

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker gains unauthorized access to sensitive transaction data, potentially exposing business logic, configuration details, or proprietary information.

🟠 Likely Case

An authenticated user with malicious intent accesses transaction details they should not have permission to view, potentially learning about system operations or sensitive configurations.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to viewing transaction details, with no ability to modify data or disrupt operations.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and knowledge of the ABAP Build Framework; the attacker must invoke the add-on build functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check SAP Note 3553753 for specific patch information

Vendor Advisory: https://me.sap.com/notes/3553753

Restart Required: Yes

Instructions:

1. Review SAP Note 3553753 for specific patch details
2. Apply the SAP Security Patch as per standard SAP patching procedures
3. Restart affected SAP systems
4. Verify the patch has been applied successfully

🔧 Temporary Workarounds

Restrict ABAP Build Framework Access (applies to: all)

Limit access to the ABAP Build Framework to only those authorized users who require it for their job functions.

Implement Transaction Code Monitoring (applies to: all)

Monitor usage of the specific transaction mentioned in the vulnerability to detect unauthorized access attempts.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can use the ABAP Build Framework
  • Monitor audit logs for unauthorized access to the vulnerable transaction

🔍 How to Verify

Check if Vulnerable:

Consult SAP Note 3553753 and compare the affected versions it lists against your system's version and patch level.

Check Version:

Use SAP transaction code SM51 or SM50 to check system version and patch level

Verify Fix Applied:

Verify that the SAP Security Patch from Note 3553753 has been applied to your system

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to the specific transaction
  • Unusual activity in ABAP Build Framework logs
  • Multiple failed authorization checks for the vulnerable transaction

Network Indicators:

  • Unusual patterns of SAP GUI or RFC connections to the affected system

SIEM Query:

Search SAP Security Audit Log entries for transaction code usage patterns, focusing on the specific vulnerable transaction named in SAP Note 3553753, and flag executions by users outside the group authorized for the ABAP Build Framework.
