CVE-2025-42874Asymmetric Resource Consumption (Amplification) in SE SAP Netweaver

CWE-405Asymmetric Resource Consumption (Amplification)3 documents3 sources
Severity
7.9HIGHNVD
EPSS
0.1%
top 70.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver
Timeline
PublishedDec 9

Description

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction and could lead to service disruption or unauthorized system control. This has high impact on integrity and availability, with no impact on confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages1 packages

CVEListV5sap_se/sap_netweaver5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-3v8x-282w-fmj2: SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system2025-12-09
CVEList
Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)2025-12-09
CVE-2025-42874 — SAP SE SAP Netweaver vulnerability | cvebase