Vulnerability in SAP NetWeaver AS Java Application Using Adobe Document Service
CVE-2025-42927

3.4LOW

Key Information:

Vendor: SAP
Status: SAP Netweaver As Java (adobe Document Service)
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-42927?

The SAP NetWeaver AS Java application that leverages Adobe Document Service is vulnerable due to an outdated OpenSSL library. This weakness allows users with elevated system privileges to access and alter critical system information, posing a security risk. Although the impact on confidentiality and integrity is considered low, it is crucial for organizations to update their OpenSSL version to mitigate potential exploitation. Regular patching and updates are essential to maintain system security and integrity.

Affected Version(s)

SAP NetWeaver AS Java (Adobe Document Service) ADSSAP 7.50

References

https://me.sap.com/notes/3525295

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Apr 16, 2025