CVE-2025-42989

Summary

RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server for ABAPKERNEL 7.89affected
SAP_SESAP NetWeaver Application Server for ABAP7.93affected
SAP_SESAP NetWeaver Application Server for ABAP9.14affected
SAP_SESAP NetWeaver Application Server for ABAP9.15affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References