CVE-2025-42968 | THREATINT

Description

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-08 | Updated 2025-07-08 | Assigner sap

MEDIUM: 5.0CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

SAP_BW 700

affected

701

affected

702

affected

710

affected

731

affected

740

affected

750

affected

751

affected

752

affected

753

affected

754

affected

755

affected

756

affected

757

affected

758

affected

816

affected

914

affected

916

affected

References

me.sap.com/notes/3621037

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42968)

nvd.nist.gov (CVE-2025-42968)

Download JSON