Vulnerability in SAP NetWeaver Enterprise Portal by SAP
CVE-2025-42980

9.1CRITICAL

Key Information:

Vendor: SAP
Status: SAP Netweaver Enterprise Portal Federated Portal Network
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-42980?

The SAP NetWeaver Enterprise Portal Federated Portal Network may allow a privileged user to upload untrusted or malicious content. This vulnerability arises from insecure deserialization, which can compromise the confidentiality, integrity, and availability of the affected system. Proper validation and sanitation processes are crucial to mitigate the risk associated with this vulnerability. For more information and guidelines, refer to the official SAP notes.

Affected Version(s)

SAP NetWeaver Enterprise Portal Federated Portal Network EP-RUNTIME 7.50

References

https://me.sap.com/notes/3620498

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Apr 16, 2025