SAP MDM Server Session Control Vulnerability
CVE-2025-42996

5.6 MEDIUM

Key Information:

Vendor: SAP

CVE Published: 10 June 2025

What is CVE-2025-42996?

The SAP MDM Server has a vulnerability that allows attackers to take control of existing client sessions and execute specific functions without re-authenticating. This flaw potentially permits unauthorized access to non-sensitive information, which might lead to resource consumption that can degrade the server's performance. Organizations using affected versions must be vigilant to prevent any unauthorized activities that could impact system availability.

Affected Version(s)

SAP MDM Server MDM_SERVER 710.750

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
