CVE-2025-42927Dependency on Vulnerable Third-Party Component in SE SAP Netweaver AS Java

CWE-1395Dependency on Vulnerable Third-Party Component3 documents3 sources
Severity
3.4LOWNVD
EPSS
0.0%
top 96.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver AS Java
Timeline
PublishedSep 9

Description

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability has a low impact on confidentiality and integrity, with no impact on availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 0.8 | Impact: 2.5

Affected Packages1 packages

CVEListV5sap_se/sap_netweaver_as_javaADSSAP 7.50

🔴Vulnerability Details

2
GHSA
GHSA-w7h3-8h89-2fq5: SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL2025-09-09
CVEList
Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service)2025-09-09
CVE-2025-42927 — SE SAP Netweaver AS Java vulnerability | cvebase