CVE-2025-30015
Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.
We have discovered 27 live websites that are affected by CVE-2025-30015.
Affected Software
| Product |  NetWeaver Application Server |
| Category | Web Application Server |
| Vulnerable Domains | 27 live websites (19% of NetWeaver Application Server install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 13% of all versions) |
Common Weakness Enumeration
CWE-787 Out-of-bounds WriteDetails
- Published - Apr 8, 2025
- Updated - Apr 8, 2025
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-30015 United States | 14 websites |
 India | 3 websites |
 Germany | 2 websites |
 Italy | 2 websites |
 Switzerland | 1 websites |
 China | 1 websites |
 Colombia | 1 websites |
 Malaysia | 1 websites |
 Netherlands | 1 websites |
 Vietnam | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-30015| .com | 12 websites |
| .com.cn | 1 websites |
| .de | 1 websites |
| .it | 1 websites |
| .net | 1 websites |
| .org | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-30015
Top websites that are affected by CVE-2025-30015. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.***.*********.gov | United States | *,***,*** | |
| ***.**.gov | United States | *,***,*** | |
| **************.***.*********.gov | United States | *,***,*** | |
| ********.******.com | United States | *,***,*** | |
| ***************.com | United States | *,***,*** | |
| ******.*****.**.gov | United States | *,***,*** | |
| ***********.*****.com | Germany | *,***,*** | |
| ***.*************.com | United States | *,***,*** | |
| *****.*******.***.cn | China | **,***,*** | |
| *********.*********.it | Italy | **,***,*** |
FAQ
CVE-2025-30015 is Out-of-bounds Write in NetWeaver Application Server
A total of 27 websites have been identified as vulnerable to CVE-2025-30015, based on global website indexing conducted by WebTechSurvey.
The NetWeaver Application Server is affected by the CVE-2025-30015 vulnerability.
NetWeaver Application Server versions up to and including 7.54 are vulnerable to CVE-2025-30015.