{"cve":{"cve_id":"CVE-2025-31331","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00304,"epss_percentile":0.21904,"epss_as_of":"2026-06-23","description":"SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.","published_at":"2025-04-08T07:15:23.750000Z","last_modified_at":null,"cvss_v3_score":4.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-863"],"nvd_references":["https://me.sap.com/notes/3577131","https://url.sap/sapsecuritypatchday"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:26:21.628086Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"SAP_ABA 700","version_start_inclusive":true,"version_end":"SAP_ABA 700","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:SAP_ABA 700:SAP_ABA 700"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"701","version_start_inclusive":true,"version_end":"701","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:701:701"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"702","version_start_inclusive":true,"version_end":"702","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:702:702"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"731","version_start_inclusive":true,"version_end":"731","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:731:731"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"740","version_start_inclusive":true,"version_end":"740","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:740:740"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"750","version_start_inclusive":true,"version_end":"750","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:750:750"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"751","version_start_inclusive":true,"version_end":"751","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:751:751"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"752","version_start_inclusive":true,"version_end":"752","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:752:752"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"75C","version_start_inclusive":true,"version_end":"75C","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:75C:75C"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"75D","version_start_inclusive":true,"version_end":"75D","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:75D:75D"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"75E","version_start_inclusive":true,"version_end":"75E","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:75E:75E"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"75F","version_start_inclusive":true,"version_end":"75F","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:75F:75F"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"75G","version_start_inclusive":true,"version_end":"75G","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:75G:75G"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"75H","version_start_inclusive":true,"version_end":"75H","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:75H:75H"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver","product_name":"SAP NetWeaver","version_start":"75I","version_start_inclusive":true,"version_end":"75I","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver:75I:75I"}],"exploit_refs":[],"news":[],"references":[{"url":"https://me.sap.com/notes/3577131","source_type":"MISC","tags":[]},{"url":"https://url.sap/sapsecuritypatchday","source_type":"MISC","tags":["patch"]}],"timeline":[{"type":"published","at":"2025-04-08T07:15:23.750000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:44:49.534124Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:49.534124Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:49.534124Z","label":"CVSS score revised","source":"cvelistv5"}]}