← Back to CVEs
CVE-2025-42976
HIGH8.1
Description
SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can make the target completely unavailable. A similarly crafted submission can be used to perform an out-of-bounds read operation as well, revealing sensitive information that is loaded in memory at that time. There is no ability to modify any information.
CVE Details
CVSS v3.1 Score8.1
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published8/12/2025
Last Modified8/12/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-125
References
https://me.sap.com/notes/3611184(cna@sap.com)
https://url.sap/sapsecuritypatchday(cna@sap.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.