CVE-2025-42902

EPSS 0.06%
Veröffentlicht 14.10.2025 00:17:32
Zuletzt bearbeitet 14.10.2025 19:36:29
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAP Netweaver AS ABAP and ABAP Platform

Default Statusunaffected

Version KRNL64NUC 7.22

Status affected

Version 7.22EXT

Status affected

Version KRNL64UC 7.22

Status affected

Version 7.53

Status affected

Version KERNEL 7.22

Status affected

Version 7.54

Status affected

Version 7.77

Status affected

Version 7.89

Status affected

Version 7.93

Status affected

Version 9.14

Status affected

Version 9.15

Status affected

Version 9.16

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.187

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3627308

https://nvd.nist.gov/vuln/detail/CVE-2025-42902

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42902

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42902

EUVD