CVE-2025-42895

Sažetak

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability of the application.

Reference

https://me.sap.com/notes/3643385
https://url.sap/sapsecuritypatchday

CVSS

Base:	6.9
Impact:	5.3
Exploitability:	1.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H

Zadnje važnije ažuriranje

12-11-2025 - 16:19

Objavljeno

11-11-2025 - 01:15