Detections
Analytics

CVE-2025-42976

high

Description

SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can make the target completely unavailable. A similarly crafted submission can be used to perform an out-of-bounds read operation as well, revealing sensitive information that is loaded in memory at that time. There is no ability to modify any information.

References

https://www.securityweek.com/sap-patches-critical-s-4hana-vulnerability/

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3611184

Details

Source: Mitre, NVD

Published: 2025-08-12

Updated: 2025-08-12

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00042