JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal_CVE-2025-42884

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There is no impact on availability.

Basic Information

ID CVE-2025-42884

Source sap

Published Nov 11, 2025 at 00:14

Affected Product

Vendor SAP_SE

Product SAP NetWeaver Enterprise Portal

Version EP-BASIS 7.50

Affected Versions SAP_SE SAP NetWeaver Enterprise Portal EP-BASIS 7.50
SAP_SE SAP NetWeaver Enterprise Portal EP-RUNTIME 7.50

CWE Classification

CWE-943

References

{
    "lastseen": "",
    "description": "SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.\ufffdThis could further lead to disclosure or modification of information about the server. There is no impact on availability.",
    "published": "2025-11-11T00:14:02.774Z",
    "modified": "2025-11-11T00:14:02.774Z",
    "type": "cve",
    "title": "JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal",
    "source": "sap",
    "references": "https://me.sap.com/notes/3660969\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42884",
    "bulletinFamily": "",
    "cwe": [
        "CWE-943"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP NetWeaver Enterprise Portal EP-BASIS 7.50\nSAP_SE SAP NetWeaver Enterprise Portal EP-RUNTIME 7.50",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP NetWeaver Enterprise Portal",
    "version": "EP-BASIS 7.50",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}