Vulnerability in SAP NetWeaver Enterprise Portal by SAP
CVE-2025-42980
9.1CRITICAL
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 July 2025
What is CVE-2025-42980?
The SAP NetWeaver Enterprise Portal Federated Portal Network may allow a privileged user to upload untrusted or malicious content. This vulnerability arises from insecure deserialization, which can compromise the confidentiality, integrity, and availability of the affected system. Proper validation and sanitation processes are crucial to mitigate the risk associated with this vulnerability. For more information and guidelines, refer to the official SAP notes.
Affected Version(s)
SAP NetWeaver Enterprise Portal Federated Portal Network EP-RUNTIME 7.50