CVE-2025-42928
published 2025-12-09


Priority: P2 66 · Severity: critical · CVSS 3.1 base score: 9.1
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 8.04% (94.1th percentile)
Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and availability of the system.

Affected (2 ranges)

Vendor    Product                         Version range    Fixed in
sap_se    sap_jconnect_sdk_for_ase
sap_se    sap_jconnect_sdk_for_ase

Detection & IOCs (extracted from sources)

  • Target component: SAP jConnect (the JDBC driver used to connect Java applications to SAP ASE and SAP SQL Anywhere databases); deserialization vulnerability exploitable via specially crafted input
  • Attack vector: specially crafted serialized input sent to SAP jConnect; focus detection on anomalous Java deserialization payloads in JDBC traffic targeting SAP ASE / SQL Anywhere endpoints
  • Privilege requirement: the attacker must already hold a high-privileged account; monitor privileged SAP jConnect sessions for unexpected outbound connections or spawned child processes as post-exploitation indicators
  • Exploitation requires a high-privileged user account, so the attack surface is limited to authenticated, privileged sessions against SAP jConnect
  • SAP had not marked this vulnerability as actively exploited in the wild as of the December 2025 bulletin; the patch should still be applied without delay
  • CVSS score is 9.1 (Critical); confidentiality, integrity, and availability are all impacted at the high level