CVE-2025-42882
Last modified
CVE-2025-42882 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system could further assist this attacker to plan subsequent attacks. EPSS estimates a 0.20% chance of exploitation in the next 30 days.
Description
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system could further assist this attacker to plan subsequent attacks. As a result, this vulnerability has a low impact on confidentiality, with no impact on the integrity or availability of the application.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2025-42882?
How severe is CVE-2025-42882?
How do I fix CVE-2025-42882?
Are you affected by CVE-2025-42882?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST