What is CVE-2025-42925?

CVE-2025-42925 is a medium-severity vulnerability in Sap_se Sap Netweaver As Java (Iiop Service), classified under CWE-341. CVSS score: 4.3/10. Published 2025-09-09.

How severe is CVE-2025-42925?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Sap_se Sap Netweaver As Java (Iiop Service)

CVE-2025-42925

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledg…

EPSS: 0.001 (17.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Sap_se Sap Netweaver As Java (Iiop Service) — versions SERVERCORE 7.50

Weakness classification (CWE)

CWE-341

References

me.sap.com/notes/3640477
url.sap/sapsecuritypatchday

Frequently asked questions

What is CVE-2025-42925?: CVE-2025-42925 is a medium-severity vulnerability in Sap_se Sap Netweaver As Java (Iiop Service), classified under CWE-341. CVSS score: 4.3/10. Published 2025-09-09.
How severe is CVE-2025-42925?: Medium severity. CVSS v3 base score is 4.3 out of 10.