CVE-2025-42873

Medienbericht

EPSS 0.05%
Veröffentlicht 09.12.2025 02:14:07
Zuletzt bearbeitet 09.12.2025 18:36:53
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system unresponsiveness due to a blocked processing thread. This vulnerability has no impact on confidentiality or integrity but has a high impact on system availability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAPUI5 framework (Markdown-it component)

Default Statusunaffected

Version SAP_UI 755

Status affected

Version 756

Status affected

Version 757

Status affected

Version 758

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.163

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

https://www.heise.de/news/SAP-Patchday-14-Sicherheitswarnungen-zum-Jahresende-11107757.html

Medienbericht

heise Security

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3676970

https://nvd.nist.gov/vuln/detail/CVE-2025-42873

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42873

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42873

EUVD