CVE-2025-42968

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3621037	Permissions Required
https://url.sap/sapsecuritypatchday	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:netweaver:700:::::::*
	cpe:2.3:a:sap:netweaver:701:::::::*
	cpe:2.3:a:sap:netweaver:702:::::::*
	cpe:2.3:a:sap:netweaver:710:::::::*
	cpe:2.3:a:sap:netweaver:731:::::::*
	cpe:2.3:a:sap:netweaver:740:::::::*
	cpe:2.3:a:sap:netweaver:750:::::::*
	cpe:2.3:a:sap:netweaver:751:::::::*
	cpe:2.3:a:sap:netweaver:752:::::::*
	cpe:2.3:a:sap:netweaver:753:::::::*
	cpe:2.3:a:sap:netweaver:754:::::::*
	cpe:2.3:a:sap:netweaver:755:::::::*
	cpe:2.3:a:sap:netweaver:756:::::::*
	cpe:2.3:a:sap:netweaver:757:::::::*
	cpe:2.3:a:sap:netweaver:758:::::::*
	cpe:2.3:a:sap:netweaver:816:::::::*
	cpe:2.3:a:sap:netweaver:914:::::::*
	cpe:2.3:a:sap:netweaver:916:::::::*

History

No history.

Information

Published : 2025-07-08 01:15

Updated : 2025-10-27 16:57

NVD link : CVE-2025-42968

Mitre link : CVE-2025-42968

CVE.ORG link : CVE-2025-42968

JSON object : View

Products Affected

sap

netweaver

CWE

CWE-862

Missing Authorization

{"id": "CVE-2025-42968", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-07-08T01:15:23.950", "references": [{"url": "https://me.sap.com/notes/3621037", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Patch"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application."}, {"lang": "es", "value": "SAP NetWeaver permite que un usuario no administrativo autenticado acceda al m\u00f3dulo de funci\u00f3n remota, lo que le otorga acceso a informaci\u00f3n no confidencial sobre el sistema SAP y el sistema operativo sin necesidad de conocimientos espec\u00edficos ni condiciones controladas. Esto reduce el impacto en la confidencialidad y no afecta la integridad ni la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2025-10-27T16:57:45.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7FED49E-6F9A-494A-9226-1059249960A0"}, {"criteria": "cpe:2.3:a:sap:netweaver:701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4836C36D-242F-4818-81B4-C170959D02F5"}, {"criteria": "cpe:2.3:a:sap:netweaver:702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A503ABF-8655-40D7-96AD-2D7F19A673AE"}, {"criteria": "cpe:2.3:a:sap:netweaver:710:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA008537-4D80-4126-A0D1-B209B9E56B46"}, {"criteria": "cpe:2.3:a:sap:netweaver:731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A9D5C5A-6963-438B-B0EA-2A621A34D8A9"}, {"criteria": "cpe:2.3:a:sap:netweaver:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFFA1591-0304-4FAE-A6A7-72D04D1F41A3"}, {"criteria": "cpe:2.3:a:sap:netweaver:750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7940A9AF-308E-4CE5-BA19-7A3DCF49F644"}, {"criteria": "cpe:2.3:a:sap:netweaver:751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C09428E4-45BB-414D-9F3D-AA5C73D2DD5E"}, {"criteria": "cpe:2.3:a:sap:netweaver:752:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ED0BA7D-939D-4B05-81A3-9F991C8C04F9"}, {"criteria": "cpe:2.3:a:sap:netweaver:753:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C2BF545-A7DC-4BB6-B894-D04CF163DD88"}, {"criteria": "cpe:2.3:a:sap:netweaver:754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A75B2F18-60BE-41B5-82CB-520F794F2004"}, {"criteria": "cpe:2.3:a:sap:netweaver:755:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E31620E5-30FC-4545-A430-AAA77A66B51A"}, {"criteria": "cpe:2.3:a:sap:netweaver:756:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9724E131-9893-4630-96A2-EB6032D98C58"}, {"criteria": "cpe:2.3:a:sap:netweaver:757:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FEBCDDF-4828-45D1-A81D-FFB50261DBCA"}, {"criteria": "cpe:2.3:a:sap:netweaver:758:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FB60751-D53F-496C-AB5B-922561FB27D5"}, {"criteria": "cpe:2.3:a:sap:netweaver:816:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E4042A5-8859-44E6-9CA0-AA8A09D081A3"}, {"criteria": "cpe:2.3:a:sap:netweaver:914:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0018F635-E38F-47AB-9AC3-CA2BBE6D5FA8"}, {"criteria": "cpe:2.3:a:sap:netweaver:916:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52996086-B7EA-40CB-B6F3-983C11329FF2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}