cvedb.io
CVE-2025-24876
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2025-02-11T01:15:11.887 · Last modified 2026-06-17T08:59:46.653

Summary

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the application

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.