Deserialization Vulnerability in SAP jConnect – SDK for ASE

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and availability of the system.

AI Analysis

Deserialization vulnerability allowing remote code execution in SAP jConnect

Basic Information

ID CVE-2025-42928

Source sap

Published Dec 9, 2025 at 02:15

Affected Product

Vendor SAP_SE

Product SAP jConnect - SDK for ASE

Version SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4

Affected Versions SAP_SE SAP jConnect - SDK for ASE SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4
SAP_SE SAP jConnect - SDK for ASE 16.1

CWE Classification

CWE-502

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor SAP

Product SAP jConnect - SDK for ASE

Version 16.0.4, 16.1

References

{
    "lastseen": "",
    "description": "Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and availability of the system.",
    "published": "2025-12-09T02:15:45.247Z",
    "modified": "2025-12-09T02:15:45.247Z",
    "type": "cve",
    "title": "Deserialization Vulnerability in SAP jConnect - SDK for ASE",
    "source": "sap",
    "references": "https://me.sap.com/notes/3685286\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42928",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP jConnect - SDK for ASE SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4\nSAP_SE SAP jConnect - SDK for ASE 16.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP jConnect - SDK for ASE",
    "version": "SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4",
    "vendor": "SAP_SE",
    "ai_description": "Deserialization vulnerability allowing remote code execution in SAP jConnect",
    "ai_severity": "Critical",
    "ai_vendor": "SAP",
    "ai_product": "SAP jConnect - SDK for ASE",
    "ai_version": "16.0.4, 16.1",
    "ai_score": 9.1
}

Deserialization Vulnerability in SAP jConnect – SDK for ASE_CVE-2025-42928