Deserialization Vulnerability in SAP NetWeaver Enterprise Portal Administration
CVE-2025-42964

9.1CRITICAL

Key Information:

Vendor: SAP
Status: SAP Netweaver Enterprise Portal Administration
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-42964?

The SAP NetWeaver Enterprise Portal Administration suffers from a vulnerability where a privileged user may upload untrusted or malicious content. Upon deserialization of this content, there exists a risk that the confidentiality, integrity, and availability of the affected system can be compromised. This vulnerability emphasizes the importance of secure content handling and proper validation mechanisms.

Affected Version(s)

SAP NetWeaver Enterprise Portal Administration EP-RUNTIME 7.50

References

https://me.sap.com/notes/3621236

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Apr 16, 2025