CVE-2025-42953 · HIGH 8.1 · EPSS p33.1%

Description

SAP NetWeaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability of the system, with no impact on confidentiality.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.41% probability of exploitation · percentile 33.1% · 2026-06-19T12:03:05Z
Published: 2025-07-08
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-862

References

  1. https://me.sap.com/notes/3623440
  2. https://url.sap/sapsecuritypatchday

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Missing Authorization (cwe-862) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-42958
  2. CVE-2025-0070
  3. CVE-2025-42982
  4. CVE-2025-26661
  5. CVE-2026-24309
  6. CVE-2025-42922

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.