CVE-2025-42904

Summary

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity or availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SEApplication Server ABAPKRNL64UC 7.53affected
SAP_SEApplication Server ABAPKERNEL 7.53affected
SAP_SEApplication Server ABAP7.54affected
SAP_SEApplication Server ABAP7.77affected
SAP_SEApplication Server ABAP7.89affected
SAP_SEApplication Server ABAP7.93affected
SAP_SEApplication Server ABAP9.16affected
SAP_SEApplication Server ABAP9.17affected

Weaknesses

  • CWE-549: CWE-549: Missing Password Field Masking

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References