CVE-2025-23187

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver and ABAP Platform versions prior to the fixed version

Description: The issue is caused by a missing authorization check in an RFC enabled function module in the transaction SDCCN. This allows an unauthenticated attacker to generate technical meta-data, resulting in a low impact on integrity. There is no impact on confidentiality or availability.

Recommendations: For SAP NetWeaver and ABAP Platform versions prior to the fixed version, consider disabling the RFC enabled function module in transaction SDCCN as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.