CVE-2025-42968

Summary

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver (RFC enabled function module)SAP_BW 700affected
SAP_SESAP NetWeaver (RFC enabled function module)701affected
SAP_SESAP NetWeaver (RFC enabled function module)702affected
SAP_SESAP NetWeaver (RFC enabled function module)710affected
SAP_SESAP NetWeaver (RFC enabled function module)731affected
SAP_SESAP NetWeaver (RFC enabled function module)740affected
SAP_SESAP NetWeaver (RFC enabled function module)750affected
SAP_SESAP NetWeaver (RFC enabled function module)751affected
SAP_SESAP NetWeaver (RFC enabled function module)752affected
SAP_SESAP NetWeaver (RFC enabled function module)753affected
SAP_SESAP NetWeaver (RFC enabled function module)754affected
SAP_SESAP NetWeaver (RFC enabled function module)755affected
SAP_SESAP NetWeaver (RFC enabled function module)756affected
SAP_SESAP NetWeaver (RFC enabled function module)757affected
SAP_SESAP NetWeaver (RFC enabled function module)758affected
SAP_SESAP NetWeaver (RFC enabled function module)816affected
SAP_SESAP NetWeaver (RFC enabled function module)914affected
SAP_SESAP NetWeaver (RFC enabled function module)916affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References