CVE-2025-24869

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java versions 7.50

Description: The issue allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. This information should ideally be restricted to customer administrators, even though they may not need it. These XML files are not entirely SAP-internal as they are deployed with the server. In such a scenario, sensitive information could be exposed without compromising its integrity or availability.

Recommendations: For SAP NetWeaver Application Server Java version 7.50, consider restricting access to the vulnerable endpoint to minimize the risk of exploitation. As a temporary workaround, limit the exposure of sensitive information by restricting access to the XML definitions of deployed server components.