CVE-2025-42959
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 700 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 701 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 702 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 731 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 740 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 750 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 751 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 752 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 753 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 754 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 755 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 756 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 757 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 758 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 914 | affected |
| SAP_SE | SAP NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 915 | affected |
Weaknesses
- CWE-308: CWE-308: Use of Single-factor Authentication
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.