Unrated severityNVD Advisory· Published Sep 9, 2025· Updated Sep 9, 2025

Missing Authentication check in SAP NetWeaver Application Server Java

CVE-2025-42926

Description

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the system.This vulnerability has a low impact on confidentiality and does not affect the integrity or availability of the server.

Affected products

SAP/Netweaver Application Server Javallm-fuzzy
SAP_SE/SAP NetWeaver Application Server Javav5
Range: WD-RUNTIME 7.50

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3619465mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000