Medium severity6.5NVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026

CVE-2025-42904

Description

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity or availability.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3662324nvd
url.sap/sapsecuritypatchdaynvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000