CVE-2025-42989

Published Jun 10, 2025

Last updated a month ago

CVSS critical 9.6

Overview

Description
RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.
Source
cna@sap.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
9.6
Impact score
5.8
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Severity
CRITICAL

Weaknesses

cna@sap.com
CWE-862

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades corregidas en productos de SAP ❗CVE-2025-42989 ❗CVE-2025-42982 ❗CVE-2025-42983 ❗CVE-2025-23192 ➡️Más info: https://t.co/MN7878yOML https://t.co/8BP8FnyJMT

    @CERTpy

    12 Jun 2025

    123 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. SAP June 2025 Security Patch Day fixed critical NetWeaver bug SAP’s June 2025 Security Patch fixes a critical flaw (CVE-2025-42989, CVSS 9.6) in NetWeaver’s RFC framework, allowing authenticated attackers to bypass authorization checks and escalate privileges, threatening ht

    @dCypherIO

    11 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 SAP NetWeaver expuesto en México: riesgo por CVE-2025-42989 🔍 Se identificaron al menos 28 servidores en México con SAP NetWeaver expuestos, potencialmente vulnerables a CVE-2025-42989, una falla crítica que permitiría a un usuario autenticado escalar privilegios y ht

    @tpx_Security

    10 Jun 2025

    323 Impressions

    1 Retweet

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-42989

    @transilienceai

    10 Jun 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. SAP released 14 patches in June 2025, patching a critical NetWeaver vulnerability (CVE-2025-42989) that enables privilege escalation via RFC bypass. Prompt updates are vital to safeguard enterprise systems. 🔒 #SAP #NetWeaver #SecurityAustralia https://t.co/qAi4Y8s6qZ

    @TweetThreatNews

    10 Jun 2025

    103 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-42989: Missing Authorization in SAP NetWeaver, 9.6 rating 🔥 Vulnerability disclosed in a recent patch allows an authenticated user to escalate their privileges. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/5FkQ7Uz7PX #cybersecurity #vulnerability_map

    @Netlas_io

    10 Jun 2025

    741 Impressions

    3 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  7. [CVE-2025-42989: CRITICAL] Beware of the escalated privilege risk in RFC inbound processing! Lack of authorization checks could allow for critical impact on application integrity and availability. #CyberSecu...#cve,CVE-2025-42989,#cybersecurity https://t.co/rgLthAB2NA https://t.c

    @CveFindCom

    10 Jun 2025

    133 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.