CVE-2025-42966Deserialization of Untrusted Data in SE SAP Netweaver

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.2%
top 53.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver
Timeline
PublishedJul 8

Description

SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages1 packages

CVEListV5sap_se/sap_netweaverJ2EE-APPS 7.50

🔴Vulnerability Details

2
GHSA
GHSA-h8pf-m8cc-p8xp: SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization v2025-07-08
CVEList
Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)2025-07-08
CVE-2025-42966 — Deserialization of Untrusted Data | cvebase