CVE-2025-42911
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-10-23
Assigner: SAP SE
Description
Description
SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the application
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | sap_basis | 700 |
| sap | sap_basis | 701 |
| sap | sap_basis | 702 |
| sap | sap_basis | 731 |
| sap | sap_basis | 740 |
| sap | sap_basis | 750 |
| sap | sap_basis | 751 |
| sap | sap_basis | 752 |
| sap | sap_basis | 753 |
| sap | sap_basis | 754 |
| sap | sap_basis | 755 |
| sap | sap_basis | 756 |
| sap | sap_basis | 757 |
| sap | sap_basis | 758 |
| sap | sap_basis | 816 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
