CVE-2025-42994 | THREATINT

Description

SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-06-10 | Updated 2025-11-12 | Assigner sap

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-590: Free of Memory not on the Heap

Product status

Default status

unaffected

MDM_SERVER 710.750

affected

References

me.sap.com/notes/3610006

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42994)

nvd.nist.gov (CVE-2025-42994)

Download JSON