Performance Degradation in SAP NetWeaver Business Warehouse Application
CVE-2025-42954

2.7LOW

Key Information:

Vendor: SAP
Status: SAP Netweaver Business Warehouse (ccaw Application)
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-42954?

The SAP NetWeaver Business Warehouse application contains a vulnerability that allows an attacker with privileged access to execute RFC enabled function modules without input parameters. This leads to a significant increase in CPU load, which may adversely affect the performance and availability of the application. While this vulnerability does not compromise the confidentiality or integrity of the system, it can result in service disruption, making it imperative for organizations to apply the necessary patches to mitigate potential risks.

Affected Version(s)

SAP NetWeaver Business Warehouse (CCAW application) DW4CORE 100

SAP NetWeaver Business Warehouse (CCAW application) 200

SAP NetWeaver Business Warehouse (CCAW application) 300

References

https://me.sap.com/notes/3608156

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Apr 16, 2025