CVE-2025-42963 — Deserialization of Untrusted Data in SE SAP Netweaver Application Server FOR Java

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

9.1CRITICALNVD

EPSS

0.2%

top 53.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Java

Timeline

PublishedJul 8

Description

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_javaLMNWABASICAPPS 7.50

🔴Vulnerability Details

GHSA

GHSA-76j3-vxfx-99xf: A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java obje↗2025-07-08

▶

CVEList

Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer )↗2025-07-08

▶