CVE-2025-42875

Sažetak

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application.

Reference

https://me.sap.com/notes/3591163
https://url.sap/sapsecuritypatchday

CVSS

Base:	6.6
Impact:	3.7
Exploitability:	2.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Zadnje važnije ažuriranje

09-12-2025 - 18:36

Objavljeno

09-12-2025 - 16:17