CVE-2025-42968
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-10-27
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | netweaver | 700 |
| sap | netweaver | 701 |
| sap | netweaver | 702 |
| sap | netweaver | 710 |
| sap | netweaver | 731 |
| sap | netweaver | 740 |
| sap | netweaver | 750 |
| sap | netweaver | 751 |
| sap | netweaver | 752 |
| sap | netweaver | 753 |
| sap | netweaver | 754 |
| sap | netweaver | 755 |
| sap | netweaver | 756 |
| sap | netweaver | 757 |
| sap | netweaver | 758 |
| sap | netweaver | 816 |
| sap | netweaver | 914 |
| sap | netweaver | 916 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SAP NetWeaver allows an authenticated non-administrative user to call a remote-enabled function module that grants access to non-sensitive information about the SAP system and operating system. It does not require any special knowledge or controlled conditions to exploit.
How can this vulnerability impact me? :
The impact of this vulnerability is low on confidentiality since it only exposes non-sensitive information. It does not affect the integrity or availability of the application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability has a low impact on confidentiality and does not affect integrity or availability, so it is unlikely to significantly affect compliance with common standards and regulations such as GDPR or HIPAA.