Deserialization Vulnerability in SAP NetWeaver Enterprise Portal Administration
CVE-2025-42964
9.1CRITICAL
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 July 2025
What is CVE-2025-42964?
The SAP NetWeaver Enterprise Portal Administration suffers from a vulnerability where a privileged user may upload untrusted or malicious content. Upon deserialization of this content, there exists a risk that the confidentiality, integrity, and availability of the affected system can be compromised. This vulnerability emphasizes the importance of secure content handling and proper validation mechanisms.
Affected Version(s)
SAP NetWeaver Enterprise Portal Administration EP-RUNTIME 7.50