CVE-2025-42959
Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476
| CVSS Score | 8.1 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
| Vendor | sap_se |
| Product | sap netweaver abap server and abap platform |
| Published | Jul 8, 2025 |
| Last Updated | Feb 26, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
SAP_SE / SAP NetWeaver ABAP Server and ABAP Platform
SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 914, SAP_BASIS 915