Remote Function Access Vulnerability in SAP NetWeaver
CVE-2025-42968

5 MEDIUM

Key Information:

Vendor: SAP

CVE Published: 8 July 2025

What is CVE-2025-42968?

The vulnerability in SAP NetWeaver allows authenticated non-administrative users to call a remote-enabled function module. The call can grant unnecessary access to non-sensitive system details and operating system information, and it requires no specialized knowledge or controlled environment. This raises concerns about the confidentiality of the system, because insights into the SAP infrastructure may be exposed to users who are not authorized to see them.

Affected Version(s)

SAP NetWeaver (RFC enabled function module) SAP_BW 700

SAP NetWeaver (RFC enabled function module) 701

SAP NetWeaver (RFC enabled function module) 702

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
