Authentication Bypass in SAP NetWeaver Application Server Java
CVE-2025-42926

5.3 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 9 September 2025

What is CVE-2025-42926?

SAP NetWeaver Application Server Java has a vulnerability that lets unauthenticated attackers access internal files because the necessary authentication checks are not performed. This can expose sensitive system information. Although the impact on confidentiality is low, organizations must still act to mitigate the risks associated with unauthorized file access. Applying updates and security patches regularly is crucial to ensuring the integrity of the system.

Affected Version(s)

SAP NetWeaver Application Server Java WD-RUNTIME 7.50

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
