Missing Authentication Vulnerability in SAP HANA 2.0
CVE-2025-42885

5.8MEDIUM

Key Information:

Vendor

SAP
Status
SAP Hana 2.0 (hdbrss)
Vendor
CVE Published:
11 November 2025

What is CVE-2025-42885?

A missing authentication issue in SAP HANA 2.0 (hdbrss) allows unauthorized users to invoke remote-enabled functions. This vulnerability could potentially expose sensitive information to attackers without valid credentials. Although the risk to confidentiality is present, the integrity and availability of the system remain unaffected. Organizations utilizing SAP HANA should take steps to ensure proper authentication mechanisms are enforced to mitigate exposure.

Affected Version(s)

SAP HANA 2.0 (hdbrss) HDB 2.00

References

https://me.sap.com/notes/3639264
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.