CVE-2025-42928 PUBLISHED

Deserialization Vulnerability in SAP jConnect - SDK for ASE

Assigner: sap
Reserved: 16.04.2025 Published: 09.12.2025 Updated: 26.02.2026

Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and availability of the system.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.1

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP jConnect - SDK for ASE
Versions	Default: unaffected Version SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 is affected Version 16.1 is affected

References

https://me.sap.com/notes/3685286
https://url.sap/sapsecuritypatchday

CVE-2025-42928 PUBLISHED

Deserialization Vulnerability in SAP jConnect - SDK for ASE

Metrics

Product Status

References

Problem Types