CVE-2025-0066

CRITICAL Year: 2025
CVSS v3 Score
9.9
Critical
Weakness Type
CWE-732
View all →

Vulnerability Description

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application

Related Vulnerabilities

CVE-2021-33509

CRITICAL
CVSS:9.9(Critical)

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.

CWE-7322021

CVE-2023-40622

CRITICAL
CVSS:9.9(Critical)

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise...

CWE-7322023

CVE-2024-5618

CRITICAL
CVSS:9.9(Critical)

Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affe...

CWE-7322024

CVE-2011-3923

CRITICAL
CVSS:9.8(Critical)

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

CWE-7322011

CVE-2012-2087

CRITICAL
CVSS:9.8(Critical)

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface.

CWE-7322012

CVE-2017-1000153

CRITICAL
CVSS:9.8(Critical)

Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default ...

CWE-7322017