Platform
sap
Component
sap-netweaver-application-server-abap
Opgelost in
64.0.1
7.22.1
64.0.1
7.53.1
7.22.1
7.54.1
7.77.1
7.89.1
7.93.1
CVE-2025-23186 describes a Remote Function Call (RFC) vulnerability in SAP NetWeaver Application Server ABAP. This flaw allows an authenticated attacker to craft malicious RFC requests, potentially exposing credentials for remote services. The vulnerability impacts versions of SAP NetWeaver Application Server ABAP up to and including KRNL64UC 7.22. A patch is available from SAP to address this issue.
Successful exploitation of CVE-2025-23186 can lead to a complete compromise of the targeted remote service. By crafting a specific RFC request, an attacker can bypass security controls and obtain credentials that would otherwise be inaccessible. These credentials can then be leveraged to gain unauthorized access, modify data, or disrupt service operations. The potential impact extends beyond the immediate application, as compromised credentials could be used for lateral movement within the SAP environment and potentially to other connected systems. This vulnerability shares similarities with other RFC-based privilege escalation attacks, highlighting the importance of strict access controls and input validation.
CVE-2025-23186 was publicly disclosed on April 8, 2025. Exploitation probability is currently assessed as medium, given the authentication requirement and the need for crafting specific RFC requests. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature suggests it could be readily exploited once a PoC is released. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations heavily reliant on SAP NetWeaver Application Server ABAP for critical business processes are particularly at risk. Environments with weak access controls or inadequate network segmentation are also more vulnerable. Shared hosting environments where multiple tenants share the same SAP instance should be carefully assessed for potential cross-tenant exposure.
• linux / server:
journalctl -u sapstartsrv | grep RFC• generic web:
curl -I <rfc_endpoint>• database (mysql, redis, mongodb, postgresql): N/A - This vulnerability is not directly related to database systems. • windows / supply-chain: N/A - This vulnerability is not directly related to Windows systems. • wordpress / composer / npm: N/A - This vulnerability is not directly related to web application frameworks.
disclosure
Exploit Status
EPSS
0.21% (43% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-23186 is to upgrade to a patched version of SAP NetWeaver Application Server ABAP. Refer to the official SAP security note for the specific fixed version. If immediate patching is not feasible, consider implementing stricter access controls on RFC destinations to limit the potential attack surface. Implement network segmentation to restrict access to RFC services from untrusted networks. Monitor RFC activity for suspicious patterns and unauthorized access attempts. After upgrading, verify the fix by attempting to trigger the vulnerable RFC call with a modified request and confirming that the authentication mechanism remains secure.
Aplique las actualizaciones o parches proporcionados por SAP para corregir la vulnerabilidad de llamada a función remota (RFC) en SAP NetWeaver Application Server ABAP. Consulte la nota SAP 3554667 para obtener más detalles e instrucciones específicas sobre cómo aplicar la solución.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2025-23186 is a HIGH severity vulnerability in SAP NetWeaver Application Server ABAP allowing authenticated attackers to expose credentials via crafted RFC requests, potentially leading to remote service compromise.
You are affected if you are running SAP NetWeaver Application Server ABAP versions up to and including KRNL64UC 7.22. Check your version and apply the recommended patch.
Upgrade to a patched version of SAP NetWeaver Application Server ABAP as specified in the official SAP security note. Implement stricter access controls and network segmentation as interim measures.
While no confirmed active exploitation campaigns have been publicly reported, the vulnerability's nature suggests it could be readily exploited once a proof-of-concept is released. Monitoring is advised.
Refer to the official SAP Security Notes published on the SAP Support Portal for detailed information and the corresponding patch: [https://www.sap.com/security/support.html](https://www.sap.com/security/support.html)
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.