CVE-2025-42964 PUBLISHED

Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration

Assigner: sap
Reserved: 16.04.2025 Published: 08.07.2025 Updated: 09.07.2025

SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.1

Product Status

Vendor SAP_SE
Product SAP NetWeaver Enterprise Portal Administration
Versions Default: unaffected
  • Version EP-RUNTIME 7.50 is affected

References

Problem Types