1. Home
  2. CVE Database
  3. CVE-2025-25244
MEDIUM · 5.7

CVE-2025-25244

SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object c...

Vulnerability Description

SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2025-25244?

CVE-2025-25244 is a vulnerability with a CVSS score of 5.7 (MEDIUM). SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object c...

How severe is CVE-2025-25244?

CVE-2025-25244 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-25244?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.