CVE-2025-42935

Summary

The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)KRNL64NUC 7.22affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)7.22EXTaffected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)KRNL64UC 7.22affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)7.53affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)KERNEL 7.22affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)7.54affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)7.77affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)7.89affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)7.93affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)9.14affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)9.15affected
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)9.16affected

Weaknesses

  • CWE-532: CWE-532: Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References