Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-42968

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

Published

2025-07-08T01:15:23.950

Last Modified

2025-10-27T16:57:45.097

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver	700	Yes
Application	sap	netweaver	701	Yes
Application	sap	netweaver	702	Yes
Application	sap	netweaver	710	Yes
Application	sap	netweaver	731	Yes
Application	sap	netweaver	740	Yes
Application	sap	netweaver	750	Yes
Application	sap	netweaver	751	Yes
Application	sap	netweaver	752	Yes
Application	sap	netweaver	753	Yes
Application	sap	netweaver	754	Yes
Application	sap	netweaver	755	Yes
Application	sap	netweaver	756	Yes
Application	sap	netweaver	757	Yes
Application	sap	netweaver	758	Yes
Application	sap	netweaver	816	Yes
Application	sap	netweaver	914	Yes
Application	sap	netweaver	916	Yes

References

https://me.sap.com/notes/3621037 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Patch ([email protected])