CVE-2025-42963 | THREATINT

Description

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-08 | Updated 2026-02-26 | Assigner sap

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-502: Deserialization of Untrusted Data

Product status

Default status

unaffected

LMNWABASICAPPS 7.50

affected

References

me.sap.com/notes/3621771

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42963)

nvd.nist.gov (CVE-2025-42963)

Download JSON