CVE-2025-42958— Missing Authentication check in SAP NetWeaver
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-42958
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Authentication check in SAP NetWeaver
Source: NVD (National Vulnerability Database)
Vulnerability Description
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
带着不必要的权限执行
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP NetWeaver Application Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP NetWeaver Application Server是德国思爱普(SAP)公司的一款应用程序服务器。 SAP NetWeaver Application Server on IBM i-series存在安全漏洞,该漏洞源于缺少身份验证检查,可能导致读取、修改或删除敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver | KRNL64NUC 7.22 | - |
II. Public POCs for CVE-2025-42958
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-42958
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2025-09-09 · 20 CVEs total
| CVE-2025-42944 | 10.0 CRITICAL | Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4) |
| CVE-2025-42922 | 9.9 CRITICAL | Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service) |
| CVE-2025-42933 | 8.8 HIGH | Insecure Storage of Sensitive Information in SAP Business One (SLD) |
| CVE-2025-42916 | 8.1 HIGH | Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise) |
| CVE-2025-42929 | 8.1 HIGH | Missing input validation vulnerability in SAP Landscape Transformation Replication Server |
| CVE-2025-42912 | 6.5 MEDIUM | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) |
| CVE-2025-42917 | 6.5 MEDIUM | Missing Authorization check in SAP HCM (Approve Timesheets Fiori 2.0 application) |
| CVE-2025-42930 | 6.5 MEDIUM | Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation |
| CVE-2025-42938 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform |
| CVE-2025-42920 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management |
| CVE-2025-42915 | 5.4 MEDIUM | Missing Authorization Check in Fiori app (Manage Payment Blocks) |
| CVE-2025-42926 | 5.3 MEDIUM | Missing Authentication check in SAP NetWeaver Application Server Java |
| CVE-2025-42911 | 5.0 MEDIUM | Missing Authorization check in SAP NetWeaver (Service Data Download) |
| CVE-2025-42923 | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center |
| CVE-2025-42925 | 4.3 MEDIUM | Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service) |
| CVE-2025-42918 | 4.3 MEDIUM | Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Proce |
| CVE-2025-42927 | 3.4 LOW | Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Doc |
| CVE-2025-42913 | 3.1 LOW | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) |
| CVE-2025-42914 | 3.1 LOW | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) |
IV. Related Vulnerabilities
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
Same weakness: CWE-250
- CVE-2026-42088
OpenC3 COSMOS: Administrative Actions via the Script Runner - CVE-2026-40550
Privilege Escalation in mpGabinet - CVE-2026-25908
Dell Alienware Command Center 安全漏洞 - CVE-2026-4667
HP System Optimizer - Escalation of Privilege - CVE-2026-33793
Junos OS and Junos OS Evolved: When an unsigned Python op sc
V. Comments for CVE-2025-42958
No comments yet