CVE-2025-42963CRITICAL 9.1EPSS p48.6%

CVE-2025-42963CVE-2025-42963

Description

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS0.71% probability of exploitation · percentile 48.6% · 2026-06-19T12:03:05Z
Published2025-07-08
Last modified2026-04-15

Underlying weaknesses· 1

CWE-502

References

  1. https://me.sap.com/notes/3621771
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessDeserialization of Untrusted Datacwe-5020%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-42966
CVE
CVE-2025-42944
CVE
CVE-2025-42928
CVE
CVE-2025-42964
CVE
CVE-2025-42922
CVE
CVE-2025-42980
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.