Vulnerability in Sap_se Sap Netweaver Application Server Java
CVE-2025-42978
The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certifi…
EPSS: 0.001 (2.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N.
Affected products
- Sap_se Sap Netweaver Application Server Java — versions ENGINEAPI 7.50
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-42978?
- CVE-2025-42978 is a low-severity vulnerability in Sap_se Sap Netweaver Application Server Java, classified under Improper Verification of Source of a Communication Channel. CVSS score: 3.5/10. Published 2025-07-08.
- How severe is CVE-2025-42978?
- Low severity. CVSS v3 base score is 3.5 out of 10.