CVE-2025-42883 — Unrestricted File Upload in SE SAP Netweaver Application Server FOR Abap

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.0%

top 91.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap

Timeline

PublishedNov 11

Description

Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low impact on the integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap15 versions+14

🔴Vulnerability Details

GHSA

GHSA-q3x8-qp66-f6pf: Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative p↗2025-11-11

▶

CVEList

Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)↗2025-11-11

▶