Vulnerability in SAP NetWeaver Enterprise Portal by SAP
CVE-2025-42980

9.1CRITICAL

What is CVE-2025-42980?

The SAP NetWeaver Enterprise Portal Federated Portal Network may allow a privileged user to upload untrusted or malicious content. This vulnerability arises from insecure deserialization, which can compromise the confidentiality, integrity, and availability of the affected system. Proper validation and sanitation processes are crucial to mitigate the risk associated with this vulnerability. For more information and guidelines, refer to the official SAP notes.

Affected Version(s)

SAP NetWeaver Enterprise Portal Federated Portal Network EP-RUNTIME 7.50

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-42980 : Vulnerability in SAP NetWeaver Enterprise Portal by SAP