Remote Function Access Vulnerability in SAP NetWeaver
CVE-2025-42968
5MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 July 2025
What is CVE-2025-42968?
The vulnerability in SAP NetWeaver allows authenticated non-administrative users to call a remote-enabled function module. This capability can grant unnecessary access to non-sensitive system details and operating system information without the need for specialized knowledge or a controlled environment. This situation can lead to concerns regarding the confidentiality of the system, as unauthorized insights into the SAP infrastructure may be exposed.
Affected Version(s)
SAP NetWeaver (RFC enabled function module) SAP_BW 700
SAP NetWeaver (RFC enabled function module) 701
SAP NetWeaver (RFC enabled function module) 702