Security Advisory

CVE-2025-42902

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-14 00:17:32

Last updated 2025-10-14 15:22:05

Assigner sap

State PUBLISHED

Description

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity.

← Browse all CVEs View on cve.org ↗