Platform
sap
Component
sap-netweaver-application-server-abap
Fixed in
64.0.1
7.22.1
64.0.1
7.53.1
7.22.1
7.54.1
7.77.1
7.89.1
7.93.1
CVE-2025-23186 describes a Remote Function Call (RFC) vulnerability in SAP NetWeaver Application Server ABAP. This flaw allows an authenticated attacker to craft malicious RFC requests, potentially exposing credentials for remote services. The vulnerability impacts versions of SAP NetWeaver Application Server ABAP up to and including KRNL64UC 7.22. A patch is available from SAP to address this issue.
Successful exploitation of CVE-2025-23186 can lead to a complete compromise of the targeted remote service. By crafting a specific RFC request, an attacker can bypass security controls and obtain credentials that would otherwise be inaccessible. These credentials can then be leveraged to gain unauthorized access, modify data, or disrupt service operations. The potential impact extends beyond the immediate application, as compromised credentials could be used for lateral movement within the SAP environment and potentially to other connected systems. This vulnerability shares similarities with other RFC-based privilege escalation attacks, highlighting the importance of strict access controls and input validation.
CVE-2025-23186 was publicly disclosed on April 8, 2025. Exploitation probability is currently assessed as medium, given the authentication requirement and the need for crafting specific RFC requests. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature suggests it could be readily exploited once a PoC is released. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Exploit Status
EPSS
0.21% (43% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-23186 is to upgrade to a patched version of SAP NetWeaver Application Server ABAP. Refer to the official SAP security note for the specific fixed version. If immediate patching is not feasible, consider implementing stricter access controls on RFC destinations to limit the potential attack surface. Implement network segmentation to restrict access to RFC services from untrusted networks. Monitor RFC activity for suspicious patterns and unauthorized access attempts. After upgrading, verify the fix by attempting to trigger the vulnerable RFC call with a modified request and confirming that the authentication mechanism remains secure.
Apply the updates or patches provided by SAP to correct the Remote Function Call (RFC) vulnerability in SAP NetWeaver Application Server ABAP. Refer to SAP note 3554667 for more details and specific instructions on how to apply the fix.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-23186 is a HIGH severity vulnerability in SAP NetWeaver Application Server ABAP allowing authenticated attackers to expose credentials via crafted RFC requests, potentially leading to remote service compromise.
You are affected if you are running SAP NetWeaver Application Server ABAP versions up to and including KRNL64UC 7.22. Check your version and apply the recommended patch.
Upgrade to a patched version of SAP NetWeaver Application Server ABAP as specified in the official SAP security note. Implement stricter access controls and network segmentation as interim measures.
While no confirmed active exploitation campaigns have been publicly reported, the vulnerability's nature suggests it could be readily exploited once a proof-of-concept is released. Monitoring is advised.
Refer to the official SAP Security Notes published on the SAP Support Portal for detailed information and the corresponding patch: [https://www.sap.com/security/support.html](https://www.sap.com/security/support.html)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.