CVE-2025-42963

CRITICAL

SAP NetWeaver Application server for Java Log Viewer - Use After Free

Title source: llm

Description

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3621771

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 9.1

EPSS 0.0016

EPSS Percentile 36.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-502

Status draft

Timeline

Published Jul 08, 2025

Tracked Since Feb 18, 2026