How severe is CVE-2025-31329?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2025-31329?

This is classified as CWE-141, which is a common weakness in software security.

CVE-2025-31329 - MEDIUM Severity | CVSS 6.2

Vulnerability Description

SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.

Related Vulnerabilities

CVE-2020-7868

CRITICAL

CVSS:9.8(Critical)

A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.

CWE-1412020

CVE-2022-29873

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versi...

CWE-1412022

CVE-2022-29872

HIGH

CVSS:8.8(High)

CWE-1412022

CVE-2022-41665

HIGH

CVSS:8.8(High)

A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versi...

CWE-1412022

CVE-2024-0840

HIGH

CVSS:8.8(High)

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary ...

CWE-1412024