CVE-2025-42884

Summary

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There is no impact on availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Enterprise PortalEP-BASIS 7.50affected
SAP_SESAP NetWeaver Enterprise PortalEP-RUNTIME 7.50affected

Weaknesses

  • CWE-943: CWE-943: Improper Neutralization of Special Elements in Data Query Logic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References