CVE-2025-42873
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: SAP SE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | sapui5 | 3.1 |
| sap | openui5 | 3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-405 | The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric." |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SAPUI5 and OpenUI5 packages that use outdated third-party libraries. Specifically, the bundled markdown-it library fails to properly handle certain malformed input and enters an infinite loop. The infinite loop causes high CPU usage and blocks the processing thread, leaving the system unresponsive, i.e. a Denial of Service (DoS).
How can this vulnerability impact me?
The vulnerability can cause a Denial of Service by making the affected system unresponsive and consuming high CPU resources. This impacts system availability but does not affect confidentiality or integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability primarily impacts system availability and does not affect confidentiality or integrity. Therefore, it has limited direct impact on compliance with standards focused on data protection like GDPR or HIPAA, which emphasize confidentiality and integrity. However, availability issues could indirectly affect compliance if system downtime impacts required service levels.