CVE-2025-42928
Published: 2025-12-09
Priority: P2 (66) · Severity: critical · CVSS 3.1 base score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 8.04% (94.1th percentile)
Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and availability of the system.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap_se | sap_jconnect_sdk_for_ase | — | — |
| sap_se | sap_jconnect_sdk_for_ase | — | — |
Detection & IOCs (extracted from sources)
- Target component: SAP jConnect (the JDBC driver used to connect Java applications to SAP ASE and SAP SQL Anywhere databases); deserialization vulnerability exploitable via specially crafted input
- Attack vector: specially crafted serialized input sent to SAP jConnect; focus detection on anomalous Java deserialization payloads in JDBC traffic targeting SAP ASE / SQL Anywhere endpoints
- Privilege requirement: the attacker must be high-privileged; monitor for privileged SAP jConnect sessions initiating unexpected outbound connections or spawning child processes as a post-exploitation indicator
- Exploitation requires a high-privileged user account; the attack surface is limited to authenticated, privileged sessions against SAP jConnect
- SAP has not marked this vulnerability as actively exploited in the wild as of the December 2025 bulletin; the patch should still be applied without delay
- CVSS score is 9.1 (Critical); high impact on confidentiality, integrity, and availability
No detection rules found.
No public exploits indexed.
Source: Checkpoint, "15th December – Threat Intelligence Report" (blogs_checkpoint, 2025-12-15; tagged CVE-2025-14174)
## 15th December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 15th December, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The Indian government confirmed cyber incidents involving GPS spoofing at seven major airports, including Delhi, Mumbai, Kolkata, and Bengaluru. The attack affected aircraft using GPS-based landing procedures. Despite signal disruption to navigation data, authorities stated no flights were cancelled or diverted, with c
Source: Bleepingcomputer, "SAP fixes three critical vulnerabilities across multiple products" (blogs_bleepingcomputer, 2025-12-09, CVSS 9.9; tagged CVE-2025-42880 [CRITICAL])
## SAP fixes three critical vulnerabilities across multiple products
By Bill Toulas
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws.
The most severe (CVSS score: 9.9) of all the issues is CVE-2025-42880, a code injection problem impacting SAP Solution Manager ST 720.
"Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module," reads the flaw's description.
"This could provide the attacker with full control of the system, hence leading to high impact on confidentiality, integrity, and availability of the system."
SAP Solution Manager is the vendor's central lifecycle management and monitori