CVE-2025-42959HIGH 8.1EPSS p38.1%

CVE-2025-42959CVE-2025-42959

Description

An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.49% probability of exploitation · percentile 38.1% · 2026-06-18T12:00:27Z
Published2025-07-08
Last modified2026-04-15

Underlying weaknesses· 1

CWE-308

References

  1. https://me.sap.com/notes/3600846
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessUse of Single-factor Authenticationcwe-3080%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-48906
CVE
CVE-2025-41652
CVE
CVE-2025-46386
CVE
CVE-2025-3090
CVE
CVE-2025-55049
CVE
CVE-2025-46387
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.