CVE-2025-42935

MEDIUM

SAP NetWeaver Application Server ABAP - Info Disclosure

Title source: llm

Description

The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3601480

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 4.1

EPSS 0.0002

EPSS Percentile 5.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (12)

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.22EXT

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.53

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.54

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.77

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.89

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.93

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 9.14

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 9.15

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 9.16

SAP_SE/SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) KERNEL 7.22

... and 2 more

Published Aug 12, 2025

Tracked Since Feb 18, 2026