CVE-2025-23190

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver and ABAP platform (ST-PI) version ST-PI 2008 1 700

Description: The issue is due to a missing authorization check, allowing an authenticated attacker to call a remote-enabled function module and access data they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system.

Recommendations: For SAP NetWeaver and ABAP platform (ST-PI) version ST-PI 2008 1 700, consider restricting access to the remote-enabled function module until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.