What is CVE-2025-42959?

CVE-2025-42959 is a high-severity vulnerability in Sap_se Sap Netweaver Abap Server And Platform, classified under Use of Single-factor Authentication. CVSS score: 8.1/10. Published 2025-07-08.

How severe is CVE-2025-42959?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Sap_se Sap Netweaver Abap Server And Platform

CVE-2025-42959

An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if th…

EPSS: 0.002 (44.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Sap_se Sap Netweaver Abap Server And Platform — versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702

Weakness classification (CWE)

CWE-308 — Use of Single-factor Authentication

References

Frequently asked questions

What is CVE-2025-42959?: CVE-2025-42959 is a high-severity vulnerability in Sap_se Sap Netweaver Abap Server And Platform, classified under Use of Single-factor Authentication. CVSS score: 8.1/10. Published 2025-07-08.
How severe is CVE-2025-42959?: High severity. CVSS v3 base score is 8.1 out of 10.