Performance Degradation in SAP NetWeaver Business Warehouse Application
CVE-2025-42954

2.7LOW

What is CVE-2025-42954?

The SAP NetWeaver Business Warehouse application contains a vulnerability that allows an attacker with privileged access to execute RFC enabled function modules without input parameters. This leads to a significant increase in CPU load, which may adversely affect the performance and availability of the application. While this vulnerability does not compromise the confidentiality or integrity of the system, it can result in service disruption, making it imperative for organizations to apply the necessary patches to mitigate potential risks.

Affected Version(s)

SAP NetWeaver Business Warehouse (CCAW application) DW4CORE 100

SAP NetWeaver Business Warehouse (CCAW application) 200

SAP NetWeaver Business Warehouse (CCAW application) 300

References

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-42954 : Performance Degradation in SAP NetWeaver Business Warehouse Application