What is CVE-2025-42904?

CVE-2025-42904 is a medium-severity vulnerability in Sap_se Application Server Abap, classified under CWE-549. CVSS score: 6.5/10. Published 2025-12-09.

How severe is CVE-2025-42904?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Sap_se Application Server Abap

CVE-2025-42904

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a…

EPSS: 0.000 (11.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Sap_se Application Server Abap — versions KRNL64UC 7.53, KERNEL 7.53, 7.54

Weakness classification (CWE)

CWE-549

References

me.sap.com/notes/3662324
url.sap/sapsecuritypatchday

Frequently asked questions

What is CVE-2025-42904?: CVE-2025-42904 is a medium-severity vulnerability in Sap_se Application Server Abap, classified under CWE-549. CVSS score: 6.5/10. Published 2025-12-09.
How severe is CVE-2025-42904?: Medium severity. CVSS v3 base score is 6.5 out of 10.