fkie_cve-2025-42968
Vulnerability from fkie_nvd
Published
2025-07-08 01:15
Modified
2025-10-27 16:57
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.
References
cna@sap.comhttps://me.sap.com/notes/3621037Permissions Required
cna@sap.comhttps://url.sap/sapsecuritypatchdayPatch
Impacted products
Vendor Product Version
sap netweaver 700
sap netweaver 701
sap netweaver 702
sap netweaver 710
sap netweaver 731
sap netweaver 740
sap netweaver 750
sap netweaver 751
sap netweaver 752
sap netweaver 753
sap netweaver 754
sap netweaver 755
sap netweaver 756
sap netweaver 757
sap netweaver 758
sap netweaver 816
sap netweaver 914
sap netweaver 916


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver:700:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FED49E-6F9A-494A-9226-1059249960A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:701:*:*:*:*:*:*:*",
              "matchCriteriaId": "4836C36D-242F-4818-81B4-C170959D02F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:702:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A503ABF-8655-40D7-96AD-2D7F19A673AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:710:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA008537-4D80-4126-A0D1-B209B9E56B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:731:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9D5C5A-6963-438B-B0EA-2A621A34D8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:740:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFFA1591-0304-4FAE-A6A7-72D04D1F41A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:750:*:*:*:*:*:*:*",
              "matchCriteriaId": "7940A9AF-308E-4CE5-BA19-7A3DCF49F644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:751:*:*:*:*:*:*:*",
              "matchCriteriaId": "C09428E4-45BB-414D-9F3D-AA5C73D2DD5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:752:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED0BA7D-939D-4B05-81A3-9F991C8C04F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:753:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C2BF545-A7DC-4BB6-B894-D04CF163DD88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:754:*:*:*:*:*:*:*",
              "matchCriteriaId": "A75B2F18-60BE-41B5-82CB-520F794F2004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:755:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31620E5-30FC-4545-A430-AAA77A66B51A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:756:*:*:*:*:*:*:*",
              "matchCriteriaId": "9724E131-9893-4630-96A2-EB6032D98C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:757:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEBCDDF-4828-45D1-A81D-FFB50261DBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:758:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FB60751-D53F-496C-AB5B-922561FB27D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:816:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4042A5-8859-44E6-9CA0-AA8A09D081A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:914:*:*:*:*:*:*:*",
              "matchCriteriaId": "0018F635-E38F-47AB-9AC3-CA2BBE6D5FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:916:*:*:*:*:*:*:*",
              "matchCriteriaId": "52996086-B7EA-40CB-B6F3-983C11329FF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application."
    },
    {
      "lang": "es",
      "value": "SAP NetWeaver permite que un usuario no administrativo autenticado acceda al m\u00f3dulo de funci\u00f3n remota, lo que le otorga acceso a informaci\u00f3n no confidencial sobre el sistema SAP y el sistema operativo sin necesidad de conocimientos espec\u00edficos ni condiciones controladas. Esto reduce el impacto en la confidencialidad y no afecta la integridad ni la disponibilidad de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2025-42968",
  "lastModified": "2025-10-27T16:57:45.097",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 1.4,
        "source": "cna@sap.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-08T01:15:23.950",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://me.sap.com/notes/3621037"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Patch"
      ],
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.