CVE-2025-24876

High CVSS: 8.1

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the application

Vendor

Product

CWE

CWE-302

Yayın Tarihi

2025-02-11 01:15:11

Güncelleme

2025-02-18 20:15:31

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-302 HIGH 2025

Referanslar

https://me.sap.com/notes/3567974 https://url.sap/sapsecuritypatchday https://www.npmjs.com/package/@sap/approuter?activeTab=versions