CVE-2025-42918

Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)

Description

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability

INFO

Published Date :

2025-09-09T02:09:18.915Z

Last Modified :

2025-09-09T13:41:50.007Z

Source :

sap

AFFECTED PRODUCTS

The following products are affected by CVE-2025-42918 vulnerability.

Vendors	Products
Sap	Application Server Background Processing Netweaver Netweaver Abap Sap Basis

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-42918.

URL	Resource
https://me.sap.com/notes/3623504
https://url.sap/sapsecuritypatchday

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact