5.3
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity.
Basic Information
ID
CVE-2025-42902
Source
sap
Published
Oct 14, 2025 at 00:17
Affected Product
Vendor
SAP_SE
Product
SAP Netweaver AS ABAP and ABAP Platform
Version
KRNL64NUC 7.22
Affected Versions
SAP_SE SAP Netweaver AS ABAP and ABAP Platform KRNL64NUC 7.22
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.22EXT
SAP_SE SAP Netweaver AS ABAP and ABAP Platform KRNL64UC 7.22
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.53
SAP_SE SAP Netweaver AS ABAP and ABAP Platform KERNEL 7.22
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.54
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.77
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.89
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.93
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 9.14
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 9.15
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 9.16
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.22EXT
SAP_SE SAP Netweaver AS ABAP and ABAP Platform KRNL64UC 7.22
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.53
SAP_SE SAP Netweaver AS ABAP and ABAP Platform KERNEL 7.22
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.54
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.77
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.89
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 7.93
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 9.14
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 9.15
SAP_SE SAP Netweaver AS ABAP and ABAP Platform 9.16