CVE-2025-42878 · HIGH 8.2 · EPSS p21.5%

Description

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on the confidentiality and availability of the application and a low impact on its integrity.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H
EPSS: 0.30% probability of exploitation · percentile 21.5% · 2026-06-19T12:03:05Z
Published: 2025-12-09
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-1244

References

  1. https://me.sap.com/notes/3684682
  2. https://url.sap/sapsecuritypatchday

Type | Target | Confidence | Tier
Weakness | Internal Asset Exposed to Unsafe Debug Access Level or State (cwe-1244) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-0066
  2. CVE-2025-42880
  3. CVE-2025-42887
  4. CVE-2025-42958
  5. CVE-2025-42957
  6. CVE-2025-42928

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.