Details of VAR-202507-1068

ID

VAR-202507-1068

CVE

CVE-2025-42968

DESCRIPTION

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

Trust: 1.0

sources: NVD: CVE-2025-42968

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	757	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	710	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	753	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	816	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	750	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	702	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	754	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	914	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	700	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	755	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	916	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	758	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	701	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	756	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	740	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	752	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	731	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	751	Trust: 1.0

sources: NVD: CVE-2025-42968

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@sap.com:	CVE-2025-42968
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2025-42968
value:	MEDIUM
Trust: 1.0

cna@sap.com:	CVE-2025-42968
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-42968
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: NVD: CVE-2025-42968 // NVD: CVE-2025-42968

PROBLEMTYPE DATA

problemtype:

CWE-862

Trust: 1.0

sources: NVD: CVE-2025-42968

EXTERNAL IDS

db:

NVD

id:

CVE-2025-42968

Trust: 1.0

sources: NVD: CVE-2025-42968

REFERENCES

url:	https://url.sap/sapsecuritypatchday	Trust: 1.0
url:	https://me.sap.com/notes/3621037	Trust: 1.0

sources: NVD: CVE-2025-42968

SOURCES

db:

NVD

id:

CVE-2025-42968

LAST UPDATE DATE

2025-11-18T15:19:27.920000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2025-42968

date:

2025-10-27T16:57:45.097

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2025-42968

date:

2025-07-08T01:15:23.950