CVE-2025-42963

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3621771
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 01:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-42963

Mitre link : CVE-2025-42963

CVE.ORG link : CVE-2025-42963

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

9.1 /10