CVE-2025-42959

{"id": "CVE-2025-42959", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2025-07-08T01:15:22.477", "references": [{"url": "https://me.sap.com/notes/3600846", "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-308"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability."}, {"lang": "es", "value": "Un atacante no autenticado podr\u00eda explotar una situaci\u00f3n en la que una credencial de C\u00f3digo de Autenticaci\u00f3n de Mensajes Hash (HMAC), extra\u00edda de un sistema sin parches de seguridad espec\u00edficos, se reutiliza en un ataque de repetici\u00f3n contra otro sistema. Incluso si el sistema objetivo cuenta con todos los parches instalados, una explotaci\u00f3n exitosa podr\u00eda comprometer completamente el sistema, afectando la confidencialidad, la integridad y la disponibilidad."}], "lastModified": "2025-07-08T16:18:14.207", "sourceIdentifier": "[email protected]"}