CVE-2025-42994 PUBLISHED

Multiple vulnerabilities in SAP MDM Server

Assigner: sap
Reserved: 16.04.2025 Published: 10.06.2025 Updated: 10.06.2025

The ReadString function in SAP MDM Server allows an attacker to send specially crafted packets that can trigger a memory read access violation in the server process, causing the process to fail and exit unexpectedly. This has a high impact on availability, with no impact on the confidentiality or integrity of the application.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Product Status

Vendor: SAP_SE
Product: SAP MDM Server
Versions (default: unaffected):
  • Version MDM_SERVER 710.750 is affected
