CVE-2025-42877
Description
SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated memory corruption vulnerability in SAP Web Dispatcher, ICM, and Content Server allows high availability impact.
Vulnerability
Overview
CVE-2025-42877 is a memory corruption vulnerability affecting SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server. The root cause is a logical error in these components that can be triggered by an unauthenticated attacker, leading to memory corruption [1].
Exploitation
An attacker can exploit this vulnerability without authentication, sending specially crafted requests to the affected services. No user interaction or special privileges are required, making the attack surface broad for any exposed instance [1].
Impact
Successful exploitation results in high impact on the availability of the affected systems. The vulnerability does not affect confidentiality or integrity, meaning the primary risk is denial of service [1].
Mitigation
SAP has released security patches as part of its regular Security Patch Day. Administrators are strongly advised to apply the relevant SAP Security Notes for their product versions. No workarounds are documented, so patching is the recommended mitigation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.