CVE-2025-42966

Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)

CVSS 9.1 CRITICALEPSS 0.7%CWE-502

SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

SAP_SE · SAP NetWeaver (XML Data Archiving Service)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3610892 https://url.sap/sapsecuritypatchday