JNDI Injection Vulnerability in SAP NetWeaver Enterprise Portal
CVE-2025-42884

6.5MEDIUM

Key Information:

Vendor

SAP
Status
SAP Netweaver Enterprise Portal
Vendor
CVE Published:
11 November 2025

What is CVE-2025-42884?

The vulnerability affects the SAP NetWeaver Enterprise Portal, where an unauthenticated attacker can exploit the system to inject JNDI environment properties. This manipulation enables attackers to pass malicious URLs during JNDI lookup operations, potentially granting unauthorized access to unintended JNDI providers. Such exposure could lead to the disclosure or unauthorized modification of sensitive information regarding the server. Nevertheless, it does not affect the operational availability of the service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP NetWeaver Enterprise Portal EP-BASIS 7.50

SAP NetWeaver Enterprise Portal EP-RUNTIME 7.50

References

https://me.sap.com/notes/3660969
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.