File Upload Vulnerability in SAP NetWeaver Application Server for ABAP from SAP
CVE-2025-42883

2.7LOW

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server For Abap (migration Workbench)
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-42883?

The Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP contains a critical security flaw where a malware scan is not triggered when administrative users upload files. This oversight allows for the potential upload of malicious files by attackers possessing administrative privileges. Consequently, the integrity of the application may be compromised, underscoring the need for immediate remediation measures to enhance security protocols against unauthorized file uploads.

Affected Version(s)

SAP NetWeaver Application Server for ABAP (Migration Workbench) SAP_BASIS 700

SAP NetWeaver Application Server for ABAP (Migration Workbench) SAP_BASIS 701

SAP NetWeaver Application Server for ABAP (Migration Workbench) SAP_BASIS 702

References

https://me.sap.com/notes/3634053

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Apr 16, 2025

JSON