TLS Connection Vulnerability in SAP NetWeaver Application Server Java
CVE-2025-42978
3.5LOW
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 July 2025
What is CVE-2025-42978?
The SAP NetWeaver Application Server Java component responsible for outbound TLS connections has a security flaw that fails to adequately verify the hostname against the wildcard hostname specified in the remote TLS server's certificate. This oversight can result in establishing a connection to a potentially malicious server, leading to the risk of information disclosure. While the integrity and availability of the service remain unaffected, addressing this vulnerability is crucial to maintain secure communication and protect sensitive data.
Affected Version(s)
SAP NetWeaver Application Server Java ENGINEAPI 7.50