Information Disclosure in SAP NetWeaver ABAP Application Server by SAP
CVE-2025-42935

4.1 MEDIUM

What is CVE-2025-42935?

A vulnerability in the Internet Communication Manager (ICM) of SAP NetWeaver Application Server ABAP and ABAP Platform allows authorized users with administrative access to log files to read confidential information. This compromises the confidentiality of the application's data and potentially gives unauthorized insight into sensitive information. Mitigating this risk requires addressing user access controls and log file security so that such sensitive data remains protected.

Affected Version(s)

SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Manager) KRNL64NUC 7.22

SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Manager) 7.22EXT

SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Manager) KRNL64UC 7.22

CVSS V3.1

Score: 4.1
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
