How severe is CVE-2025-42884?

CVE-2025-42884 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-42884

6.5MEDIUM

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provide

Veröffentlicht: 11/11/2025Aktualisiert: 11/12/2025

Beschreibung

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There is no impact on availability.

KI-AnalyseKI-gestützt

Referenzen

https://me.sap.com/notes/3660969
https://url.sap/sapsecuritypatchday