CVE-2025-42963

critical

Description

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

References

https://www.securityweek.com/sap-patches-critical-flaws-that-could-allow-remote-code-execution-full-system-takeover/

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3621771

Details

Source: Mitre, NVD

Published: 2025-07-08

Updated: 2025-07-08

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00044