AI description
CVE-2025-42922 is an insecure file operations vulnerability found in SAP NetWeaver AS Java. It exists within the Deploy Web Service component. An attacker who has been authenticated as a non-administrative user can exploit this vulnerability to upload arbitrary files. The vulnerability stems from the Deploy Web Service's insecure file upload mechanisms and insufficient access control validation. The core issue lies in the improper handling of multipart/form-data requests without adequate role-based access control (RBAC) enforcement or file type validation. This security gap allows authenticated users with low-level privileges to bypass intended restrictions and upload malicious files to the system.
- Description: SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system.
- Source: cna@sap.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cna@sap.com: CWE-94
- Hype score: Not currently trending
SAP NetWeaver vulnerability CVE-2025-42922 is fixed: arbitrary code execution by an authenticated attacker https://t.co/sMKEs67Jcl Deploy Web Service of SAP NetWeaver AS Java
@iototsecnews
22 Sept 2025
CVE-2025-42922 (CVSS:9.9, CRITICAL) is Awaiting Analysis. SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available servic..https://t.co/mcXTMkwmqG #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Sept 2025
CVE-2025-42944(CVSS 10.0):Insecure Deserialization vulnerability in SAP Netweaver CVE-2025-42922 (CVSS 9.9):Insecure File Operations vulnerability in SAP NetWeaver AS Java CVE-2025-42958 (CVSS 9.1):Missing Authentication Check vulnerability in the SAP https://t.co/cqsKplAqtN
@viehgroup
11 Sept 2025
🚨Alert🚨CVE-2025-42944(CVSS 10.0):Insecure Deserialization vulnerability in SAP Netweaver CVE-2025-42922 (CVSS 9.9):Insecure File Operations vulnerability in SAP NetWeaver AS Java CVE-2025-42958 (CVSS 9.1):Missing Authentication Check vulnerability in the SAP NetWeaver https
@HunterMapping
10 Sept 2025
🚨🚨SAP Security Patch Day drops fixes for FOUR critical flaws CVE-2025-42944 (CVSS 10): Insecure deserialization in SAP NetWeaver (RMI-P4) = full RCE, no auth needed! CVE-2025-42922 (CVSS 9.9): Insecure file ops in NetWeaver AS Java = privilege escalation & server takeo
@zoomeye_team
9 Sept 2025
Critical File Upload Vulnerability in SAP NetWeaver AS Java Deploy Service — CVE-2025-42922 https://t.co/C3gaizxLjh
@Dinosn
9 Sept 2025
CVE-2025-42922 SAP NetWeaver AS Java Authenticated File Upload Vulnerability Enables System Compromise https://t.co/OaqogwlHEA
@VulmonFeeds
9 Sept 2025
CVE-2025-42922 SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when … https://t.co/lPm3l2ih20
@CVEnew
9 Sept 2025