Replay Attack Vulnerability in SAP Systems
CVE-2025-42959
8.1 HIGH
Key Information:
- Vendor: SAP
- CVE Published: 8 July 2025
What is CVE-2025-42959?
An unauthenticated attacker can exploit a vulnerability in SAP systems tied to the improper handling of Hash-based Message Authentication Code (HMAC) credentials. The attack works by taking HMAC credentials from a vulnerable system and reusing them in a replay attack against a different system. Even if the targeted SAP system has all the necessary patches applied, attackers can still achieve full system compromise. This can severely impact the confidentiality, integrity, and availability of the system, underscoring the necessity for consistent security measures and patch management.
Affected Version(s)
SAP NetWeaver ABAP Server and ABAP Platform SAP_BASIS 700
SAP NetWeaver ABAP Server and ABAP Platform SAP_BASIS 701
SAP NetWeaver ABAP Server and ABAP Platform SAP_BASIS 702