CVE-2025-42874

🗓️ 09 Dec 2025 02:14:19Reported by sapType

Denial of service in NetWeaver Xcelsius remote service enables code execution with network access and high privileges; no user interaction.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-42874	9 Dec 202507:43	–	circl
CNNVD	SAP NetWeaver 安全漏洞	9 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-42874 Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)	9 Dec 202502:14	–	cvelist
EUVD	EUVD-2025-201853	9 Dec 202518:30	–	euvd
NCSC	Vulnerabilities fixed in SAP Software	12 Dec 202509:29	–	ncsc
NVD	CVE-2025-42874	9 Dec 202516:17	–	nvd
Positive Technologies	PT-2025-49764	9 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42874	10 Dec 202502:32	–	redhatcve
Tenable Nessus	SAP NetWeaver AS Java DoS (December 2025)	11 Dec 202500:00	–	nessus
Vulnrichment	CVE-2025-42874 Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)	9 Dec 202502:14	–	vulnrichment

Vulners

Node

sap netweaverMatch7.50

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver (remote service for Xcelsius)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "BI-BASE-E 7.50"
      },
      {
        "status": "affected",
        "version": "BI-BASE-B 7.50"
      },
      {
        "status": "affected",
        "version": "BI-IBC 7.50"
      },
      {
        "status": "affected",
        "version": "BI-BASE-S 7.50"
      },
      {
        "status": "affected",
        "version": "BIWEBAPP 7.50"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3640185

15 Apr 2026 00:35Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.9

EPSS0.00061

SSVC

CWE-405