CVE-2025-42911
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-10-23
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | sap_basis | 700 |
| sap | sap_basis | 701 |
| sap | sap_basis | 702 |
| sap | sap_basis | 731 |
| sap | sap_basis | 740 |
| sap | sap_basis | 750 |
| sap | sap_basis | 751 |
| sap | sap_basis | 752 |
| sap | sap_basis | 753 |
| sap | sap_basis | 754 |
| sap | sap_basis | 755 |
| sap | sap_basis | 756 |
| sap | sap_basis | 757 |
| sap | sap_basis | 758 |
| sap | sap_basis | 816 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module that can provide access to information about the SAP system and the underlying operating system. It impacts confidentiality to a low degree but does not affect the integrity or availability of the application.
How can this vulnerability impact me? :
The vulnerability could allow an authenticated user to gain access to sensitive information about the SAP system and operating system, potentially exposing confidential data. However, it does not affect the integrity or availability of the system, so it poses a low impact risk overall.