How severe is CVE-2025-42878?

High severity. CVSS v3 base score is 8.2 out of 10.

Vulnerability in Sap_se Sap Web Dispatcher And Internet Communication Manager (Icm)

CVE-2025-42878

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulner…

EPSS: 0.001 (26.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H.

Affected products

Sap_se Sap Web Dispatcher And Internet Communication Manager (Icm) — versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22

Weakness classification (CWE)

CWE-1244

References

Frequently asked questions

What is CVE-2025-42878?: CVE-2025-42878 is a high-severity vulnerability in Sap_se Sap Web Dispatcher And Internet Communication Manager (Icm), classified under CWE-1244. CVSS score: 8.2/10. Published 2025-12-09.
How severe is CVE-2025-42878?: High severity. CVSS v3 base score is 8.2 out of 10.