- Description
- An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
- Source
- cna@sap.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- cna@sap.com
- CWE-308
- Hype score
- Not currently trending
CVE-2025-42959 (CVSS:8.1, HIGH) is Awaiting Analysis. An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extract..https://t.co/SWLdMT0Rvr #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
13 Jul 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42959 An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security pat… https://t.co/fzryBSRxmd
@CVEnew
8 Jul 2025
491 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes