CVE-2025-24876 – “SAP Approuter Node.js Authentication Bypass”

The following table lists the changes that have been made to the CVE-2025-24876 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Feb. 11, 2025

    Action Type Old Value New Value
    Added Description The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the application
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
    Added CWE CWE-601
    Added Reference https://me.sap.com/notes/3567974
    Added Reference https://url.sap/sapsecuritypatchday
    Added Reference https://www.npmjs.com/package/@sap/approuter?activeTab=versions

نوشته های مشابه

CVE-2024-45386 – Siemens SIMATIC PCS neo Session Hijacking Vulnerability

CVE-2024-13643 – Zox News – WordPress News & Magazine Theme Plugin Unauthenticated Option Manipulation Vulnerability

CVE-2025-0180 – WordPress Foodbakery Plugin Privilege Escalation Vulnerability

CVE-2025-0181 – WordPress Foodbakery Plugin Privilege Escalation Vulnerability