CVE-2025-0061

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP (affected versions not specified) SAP BusinessObjects Business Intelligence Platform (affected versions not specified)

Description The issue is related to an information disclosure vulnerability that allows an unauthenticated attacker to perform session hijacking over the network without any user interaction. This can enable the attacker to access and modify all the data of the application. The vulnerability is associated with the disclosure of system data to unauthorized parties in the controlled area.

Recommendations For SAP NetWeaver Application Server ABAP, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SAP BusinessObjects Business Intelligence Platform, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of session hijacking.