
Description

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high-privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2025-09-10 | Assigner sap




CRITICAL: 9.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-250: Execution with Unnecessary Privileges

Product status

Default status: unaffected

KRNL64NUC 7.22: affected
7.22EXT: affected
KRNL64UC 7.22: affected
7.53: affected
KERNEL 7.22: affected
7.54: affected

References

me.sap.com/notes/3627373

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42958)

nvd.nist.gov (CVE-2025-42958)
