
Description

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on the confidentiality and availability of the application and a low impact on its integrity.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-09 | Updated 2025-12-09 | Assigner sap




HIGH: 8.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H

Problem types

CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

Product status

Default status: unaffected

KRNL64NUC 7.22: affected

7.22EXT: affected

KRNL64UC 7.22: affected

7.53: affected

WEBDISP 7.22_EXT: affected

7.54: affected

7.77: affected

7.89: affected

7.93: affected

9.16: affected

KERNEL 7.22: affected

References

me.sap.com/notes/3684682

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42878)

nvd.nist.gov (CVE-2025-42878)
