Missing Authentication check in SAP NetWeaver Internet Communication Framework

6.6 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Description

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application.

Basic Information

ID CVE-2025-42875

Source sap

Published Dec 9, 2025 at 02:14

Affected Product

Vendor SAP_SE

Product SAP NetWeaver Internet Communication Framework

Version SAP_BASIS 700

Affected Versions SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 700
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 701
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 702
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 731
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 740
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 750
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 751
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 752
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 753
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 754
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 755
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 756
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 757
SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 758

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application.",
    "published": "2025-12-09T02:14:30.399Z",
    "modified": "2025-12-09T02:14:30.399Z",
    "type": "cve",
    "title": "Missing Authentication check in SAP NetWeaver Internet Communication Framework",
    "source": "sap",
    "references": "https://me.sap.com/notes/3591163\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42875",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 700\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 701\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 702\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 731\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 740\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 750\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 751\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 752\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 753\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 754\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 755\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 756\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 757\nSAP_SE SAP NetWeaver Internet Communication Framework SAP_BASIS 758",
    "sourceHref": "",
    "cvss": {
        "score": 6.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP NetWeaver Internet Communication Framework",
    "version": "SAP_BASIS 700",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authentication check in SAP NetWeaver Internet Communication Framework_CVE-2025-42875