Description

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity.

INFO

Published Date :

2025-10-14T00:17:32.898Z

Last Modified :

2025-10-14T15:22:05.634Z

Source :

sap
AFFECTED PRODUCTS

The following products are affected by CVE-2025-42902 vulnerability.

Vendors Products
Sap
  • Abap Platform
  • As Abap
  • Netweaver
  • Netweaver Abap
  • Netweaver As Abap
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-42902.

URL Resource
https://me.sap.com/notes/3627308 cve-icon cve-icon
https://url.sap/sapsecuritypatchday cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact