Deserialization Vulnerability in SAP NetWeaver Enterprise Portal Administration
CVE-2025-42964

9.1CRITICAL

Key Information:

Vendor

SAP
Status
SAP Netweaver Enterprise Portal Administration
Vendor
CVE Published:
8 July 2025

What is CVE-2025-42964?

The SAP NetWeaver Enterprise Portal Administration suffers from a vulnerability where a privileged user may upload untrusted or malicious content. Upon deserialization of this content, there exists a risk that the confidentiality, integrity, and availability of the affected system can be compromised. This vulnerability emphasizes the importance of secure content handling and proper validation mechanisms.

Affected Version(s)

SAP NetWeaver Enterprise Portal Administration EP-RUNTIME 7.50

References

https://me.sap.com/notes/3621236
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-42964 : Deserialization Vulnerability in SAP NetWeaver Enterprise Portal Administration