Information Disclosure vulnerability in Application Server ABAP_CVE-2025-42904

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity or availability.

Basic Information

ID CVE-2025-42904

Source sap

Published Dec 9, 2025 at 02:15

Affected Product

Vendor SAP_SE

Product Application Server ABAP

Version KRNL64UC 7.53

Affected Versions SAP_SE Application Server ABAP KRNL64UC 7.53
SAP_SE Application Server ABAP KERNEL 7.53
SAP_SE Application Server ABAP 7.54
SAP_SE Application Server ABAP 7.77
SAP_SE Application Server ABAP 7.89
SAP_SE Application Server ABAP 7.93
SAP_SE Application Server ABAP 9.16
SAP_SE Application Server ABAP 9.17

CWE Classification

CWE-549

References

{
    "lastseen": "",
    "description": "Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity or availability.",
    "published": "2025-12-09T02:15:36.673Z",
    "modified": "2025-12-09T02:15:36.673Z",
    "type": "cve",
    "title": "Information Disclosure vulnerability in Application Server ABAP",
    "source": "sap",
    "references": "https://me.sap.com/notes/3662324\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42904",
    "bulletinFamily": "",
    "cwe": [
        "CWE-549"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE Application Server ABAP KRNL64UC 7.53\nSAP_SE Application Server ABAP KERNEL 7.53\nSAP_SE Application Server ABAP 7.54\nSAP_SE Application Server ABAP 7.77\nSAP_SE Application Server ABAP 7.89\nSAP_SE Application Server ABAP 7.93\nSAP_SE Application Server ABAP 9.16\nSAP_SE Application Server ABAP 9.17",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Application Server ABAP",
    "version": "KRNL64UC 7.53",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}