CVE-2025-42958

Published Sep 9, 2025

Last updated 15 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-42958 is a vulnerability in SAP NetWeaver applications on IBM i-series systems, caused by a missing authentication check. It allows unauthorized users with high privileges to read, modify, or delete sensitive information and to access administrative or privileged functionalities. Successful exploitation can directly impact the confidentiality, integrity, and availability of the application.

Description: Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application.

Source: cna@sap.com

NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cna@sap.com: CWE-250
