CVE-2025-42877

Summary

SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Web Dispatcher, Internet Communication Manager and SAP Content ServerKRNL64UC 7.53affected
SAP_SESAP Web Dispatcher, Internet Communication Manager and SAP Content ServerWEBDISP 7.53affected
SAP_SESAP Web Dispatcher, Internet Communication Manager and SAP Content Server7.54affected
SAP_SESAP Web Dispatcher, Internet Communication Manager and SAP Content ServerXS_ADVANCED_RUNTIME 1.00affected
SAP_SESAP Web Dispatcher, Internet Communication Manager and SAP Content ServerSAP_EXTENDED_APP_SERVICES 1affected
SAP_SESAP Web Dispatcher, Internet Communication Manager and SAP Content ServerCONTSERV 7.53affected
SAP_SESAP Web Dispatcher, Internet Communication Manager and SAP Content ServerKERNEL 7.53affected

Weaknesses

  • CWE-787: CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References