CVE 9.9 CRITICAL

Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)_CVE-2025-42922

September 8, 2025 invoker category_cve

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system.

AI Analysis

SAP NetWeaver AS Java (Deploy Web Service) is vulnerable to arbitrary file upload, leading to system compromise.

Basic Information

ID CVE-2025-42922

Source sap

Published Sep 9, 2025 at 02:09

Affected Product

Vendor SAP_SE

Product SAP NetWeaver AS Java (Deploy Web Service)

Version J2EE-APPS 7.50

Affected Versions SAP_SE SAP NetWeaver AS Java (Deploy Web Service) J2EE-APPS 7.50

CWE Classification

CWE-94

AI Assessment

AI Score 9.9 / 10

AI Severity CRITICAL

Vendor SAP

Product SAP NetWeaver AS Java (Deploy Web Service)

Version J2EE-APPS 7.50

References

{
    "lastseen": "",
    "description": "SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system.",
    "published": "2025-09-09T02:09:38.727Z",
    "modified": "2025-09-09T02:09:38.727Z",
    "type": "cve",
    "title": "Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3643865\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42922",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP NetWeaver AS Java (Deploy Web Service) J2EE-APPS 7.50",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP NetWeaver AS Java (Deploy Web Service)",
    "version": "J2EE-APPS 7.50",
    "vendor": "SAP_SE",
    "ai_description": "SAP NetWeaver AS Java (Deploy Web Service) is vulnerable to arbitrary file upload, leading to system compromise.",
    "ai_severity": "CRITICAL",
    "ai_vendor": "SAP",
    "ai_product": "SAP NetWeaver AS Java (Deploy Web Service)",
    "ai_version": "J2EE-APPS 7.50",
    "ai_score": 9.9
}

💭 Join the Security Discussion ❌ Cancel Reply