Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-42926

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the system.This vulnerability has a low impact on confidentiality and does not affect the integrity or availability of the server.

Published

2025-09-09T02:15:41.050

Last Modified

2025-10-23T12:43:32.437

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver_application_server_java	7.50	Yes

References

https://me.sap.com/notes/3619465 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Patch ([email protected])