Vulnerability in Sap_se Sap Netweaver Application Server Java

CVE-2025-42978

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certifi…

EPSS: 0.001 (2.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-42978?
CVE-2025-42978 is a low-severity vulnerability in Sap_se Sap Netweaver Application Server Java, classified under Improper Verification of Source of a Communication Channel. CVSS score: 3.5/10. Published 2025-07-08.
How severe is CVE-2025-42978?
Low severity. CVSS v3 base score is 3.5 out of 10.