Code Injection vulnerability in SAP HANA JDBC Client_CVE-2025-42895

6.9 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H

Description

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability of the application.

Basic Information

ID CVE-2025-42895

Source sap

Published Nov 11, 2025 at 00:19

Affected Product

Vendor SAP_SE

Product SAP HANA JDBC Client

Version HDB_CLIENT 2.0

Affected Versions SAP_SE SAP HANA JDBC Client HDB_CLIENT 2.0

CWE Classification

CWE-94

References

{
    "lastseen": "",
    "description": "Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability of the application.",
    "published": "2025-11-11T00:19:38.409Z",
    "modified": "2025-11-11T00:19:38.409Z",
    "type": "cve",
    "title": "Code Injection vulnerability in SAP HANA JDBC Client",
    "source": "sap",
    "references": "https://me.sap.com/notes/3643385\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42895",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP HANA JDBC Client HDB_CLIENT 2.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP HANA JDBC Client",
    "version": "HDB_CLIENT 2.0",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}