CVE-2025-42874 in NetWeaver
Sumário (Inglês)
SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction and could lead to service disruption or unauthorized system control. This has high impact on integrity and availability, with no impact on confidentiality.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Responsável
sap
Reservar
16/04/2025
Divulgação
09/12/2025
Estado
Confirmado
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 334926 | SAP NetWeaver Rremote Service for Xcelsius Elevação de Privilégios | 405 | Não definido | Correção oficial | CVE-2025-42874 |
Descrição
CPE
CWE
CVSS
Explorações
História
Diferença
Relacionar
Inteligência de ameaças
API JSON
API XML
API CSV