CVE-2025-42928

CRITICAL 9.1

Deserialization Vulnerability in SAP jConnect - SDK for ASE

CVSS Score

9.1

EPSS Score

0.0%

EPSS Percentile

0th

Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and availability of the system.

Vendor	sap_se
Product	sap jconnect - sdk for ase
Published	Dec 9, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for sap_se sap jconnect - sdk for ase

Be the first to know when new critical vulnerabilities affecting sap_se sap jconnect - sdk for ase are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

SAP_SE / SAP jConnect - SDK for ASE

SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 16.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

me.sap.com: https://me.sap.com/notes/3685286 url.sap: https://url.sap/sapsecuritypatchday