CVE-2025-23194 Overview
CVE-2025-23194 affects SAP NetWeaver Enterprise Portal Object-Based Navigation (OBN). The component fails to enforce authentication on a specific configuration setting. An unauthenticated remote attacker can modify this setting over the network, producing a low integrity impact on the application. Confidentiality and availability remain unaffected.
The weakness is classified under [CWE-306] Missing Authentication for Critical Function. The flaw is remotely reachable with low attack complexity and requires no user interaction or privileges. SAP addressed the issue in SAP Note #3561792 published on SAP Security Patch Day.
Critical Impact
Unauthenticated network attackers can alter an OBN configuration setting in SAP NetWeaver Enterprise Portal, tampering with application integrity without any credentials.
Affected Products
- SAP NetWeaver Enterprise Portal (Object-Based Navigation component)
- Refer to SAP Note #3561792 for the specific supported package versions
- Environments exposing the SAP Enterprise Portal to untrusted networks
Discovery Timeline
- 2025-03-11 - CVE-2025-23194 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2025-23194
Vulnerability Analysis
SAP NetWeaver Enterprise Portal provides Object-Based Navigation (OBN) to route users between portal objects and back-end SAP systems. The vulnerable code path exposes a configuration setting that should be reachable only by authenticated administrative users. The OBN component does not verify the requester's identity before accepting a write to this setting.
As a result, an unauthenticated network client can submit a request that changes the setting to an attacker-chosen value. The change modifies runtime behavior tied to that configuration option, yielding a low integrity impact. Confidentiality and availability of the portal are not affected, according to the CVSS characterization.
Exploitation does not require user interaction, session context, or any prior foothold. The attack is executed by issuing a single crafted HTTP request against a reachable Enterprise Portal endpoint.
Root Cause
The root cause is a missing authentication check on a privileged configuration endpoint within the OBN module [CWE-306]. Access control logic that should gate writes to the setting is either absent or bypassed for the affected code path, allowing anonymous callers to invoke it.
Attack Vector
The attack vector is network-based. An attacker sends an HTTP or HTTPS request to the Enterprise Portal's OBN interface targeting the unprotected configuration operation. Because no credentials are validated, the request is processed and the setting is written. Exposure is highest for portals accessible from the internet or from broad internal network segments. Refer to the SAP Note #3561792 for the specific affected endpoint and fix details.
Detection Methods for CVE-2025-23194
Indicators of Compromise
- Unexpected changes to OBN configuration values in the Enterprise Portal without a corresponding administrative session
- HTTP requests to OBN-related portal paths originating from unauthenticated sources or unknown IP addresses
- Portal audit log entries showing configuration writes with missing or anonymous user context
Detection Strategies
- Enable and review SAP Security Audit Log entries covering portal configuration changes and OBN administrative actions
- Baseline OBN configuration values and alert on any drift from the approved state
- Correlate web server access logs for OBN endpoints with authenticated session identifiers to identify anonymous access
Monitoring Recommendations
- Forward SAP NetWeaver Enterprise Portal logs, HTTP access logs, and audit logs to a centralized SIEM for retention and correlation
- Alert on repeated requests to portal administrative or OBN paths from external networks
- Track configuration integrity by scheduled export and comparison of OBN settings against a known-good baseline
How to Mitigate CVE-2025-23194
Immediate Actions Required
- Apply the fix referenced in SAP Note #3561792 to all affected SAP NetWeaver Enterprise Portal instances
- Restrict network exposure of the Enterprise Portal so that OBN endpoints are not reachable from untrusted networks
- Audit current OBN configuration values and restore any that deviate from the approved baseline
Patch Information
SAP released the fix on SAP Security Patch Day. Administrators must implement the corrections detailed in SAP Note #3561792 and review the SAP Security Patch Day bulletin for the applicable support package and kernel levels.
Workarounds
- Place the Enterprise Portal behind a reverse proxy or web application firewall that blocks unauthenticated requests to OBN administrative paths
- Enforce network segmentation and VPN-only access for portal administration endpoints until patches are applied
- Increase Security Audit Log verbosity for OBN and configuration operations to detect exploitation attempts
# Configuration example
# Refer to SAP Note #3561792 for the authoritative patch instructions.
# General remediation workflow:
# 1. Download the SAP Note and associated support package from the SAP ONE Support Launchpad.
# 2. Stage the correction in a non-production Enterprise Portal system.
# 3. Validate OBN functionality and configuration integrity post-patch.
# 4. Promote the fix to production during the next maintenance window.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

