CVE-2025-42958Execution with Unnecessary Privileges in SE SAP Netweaver

CWE-250Execution with Unnecessary Privileges3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.1%
top 78.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver
Timeline
PublishedSep 9

Description

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages1 packages

CVEListV5sap_se/sap_netweaver6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-r2xh-ghmw-jjjw: Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to r2025-09-09
CVEList
Missing Authentication check in SAP NetWeaver2025-09-09
CVE-2025-42958 — Execution with Unnecessary Privileges | cvebase