CVE-2025-42958

Summary

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaverKRNL64NUC 7.22affected
SAP_SESAP NetWeaver7.22EXTaffected
SAP_SESAP NetWeaverKRNL64UC 7.22affected
SAP_SESAP NetWeaver7.53affected
SAP_SESAP NetWeaverKERNEL 7.22affected
SAP_SESAP NetWeaver7.54affected

Weaknesses

  • CWE-250: CWE-250: Execution with Unnecessary Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References