SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the application
References
| Link | Resource |
|---|---|
| https://me.sap.com/notes/3627644 | Permissions Required |
| https://url.sap/sapsecuritypatchday | Patch |
Configurations
Configuration 1 (hide)
|
History
23 Oct 2025, 12:45
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Sap
Sap sap Basis |
|
| CPE | cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:816:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:* |
|
| References | () https://me.sap.com/notes/3627644 - Permissions Required | |
| References | () https://url.sap/sapsecuritypatchday - Patch |
09 Sep 2025, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-09 02:15
Updated : 2025-10-23 12:45
NVD link : CVE-2025-42911
Mitre link : CVE-2025-42911
CVE.ORG link : CVE-2025-42911
JSON object : View
Products Affected
sap
- sap_basis
CWE
CWE-862
Missing Authorization