Remote Code Execution Vulnerability in SAP jConnect Affecting High Privileged Users
CVE-2025-42928

9.1 CRITICAL

Key Information:

Vendor: SAP
CVE Published: 9 December 2025

What is CVE-2025-42928?

A deserialization vulnerability in SAP jConnect can enable high privileged users to execute remote code under specific conditions. Exploiting this flaw involves using specially crafted input, potentially compromising the confidentiality, integrity, and availability of the affected system. Organizations utilizing SAP jConnect should promptly apply security updates to mitigate this risk. For more details and patch information, refer to the official SAP security patches and notes.

Affected Version(s)

SAP jConnect - SDK for ASE SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4

SAP jConnect - SDK for ASE 16.1

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
