CVE-2025-42885
Description
Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated remote attacker can call a function in SAP HANA 2.0 (hdbrss) to view sensitive information, with low confidentiality impact.
CVE-2025-42885 affects SAP HANA 2.0 (hdbrss). The vulnerability stems from missing authentication on a remote-enabled function, allowing an unauthenticated attacker to invoke it. The official description indicates no integrity or availability impact, but confidentiality is at risk [1].
To exploit this flaw, an attacker needs network access to the SAP HANA service. No credentials or prior access are required. The attacker simply calls the unprotected remote function, which then returns information that should normally be restricted [1].
Successful exploitation leaks sensitive data visible through the function. The impact on confidentiality is considered low, meaning the exposed information is limited in scope and does not compromise critical secrets. Neither system integrity nor availability is affected [1].
SAP addresses this issue through its regular Security Patch Day. Administrators should apply the relevant SAP Security Note for HANA 2.0 (hdbrss). No workaround is mentioned, so patching is the recommended mitigation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.