Performance Degradation in SAP NetWeaver Business Warehouse Application
CVE-2025-42954
2.7LOW
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 July 2025
What is CVE-2025-42954?
The SAP NetWeaver Business Warehouse application contains a vulnerability that allows an attacker with privileged access to execute RFC enabled function modules without input parameters. This leads to a significant increase in CPU load, which may adversely affect the performance and availability of the application. While this vulnerability does not compromise the confidentiality or integrity of the system, it can result in service disruption, making it imperative for organizations to apply the necessary patches to mitigate potential risks.
Affected Version(s)
SAP NetWeaver Business Warehouse (CCAW application) DW4CORE 100
SAP NetWeaver Business Warehouse (CCAW application) 200
SAP NetWeaver Business Warehouse (CCAW application) 300