CVE-2025-42875 Missing Authentication check in SAP NetWeaver Internet Communication Framework

🗓️ 09 Dec 2025 02:14:30Reported by sapType

Missing authentication in NetWeaver Internet Communication Framework allows token reuse with low impact.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-42875	9 Dec 202508:10	–	circl
CNNVD	SAP Internet Communication Framework 访问控制错误漏洞	9 Dec 202500:00	–	cnnvd
CVE	CVE-2025-42875	9 Dec 202502:14	–	cve
EUVD	EUVD-2025-201852	9 Dec 202518:30	–	euvd
NCSC	Vulnerabilities fixed in SAP Software	12 Dec 202509:29	–	ncsc
NVD	CVE-2025-42875	9 Dec 202516:17	–	nvd
Positive Technologies	PT-2025-49765	9 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42875	10 Dec 202502:32	–	redhatcve
Tenable Nessus	SAP NetWeaver AS Missing Authentication (December 2025)	11 Dec 202500:00	–	nessus
Vulnrichment	CVE-2025-42875 Missing Authentication check in SAP NetWeaver Internet Communication Framework	9 Dec 202502:14	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver Internet Communication Framework",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 701"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 702"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 731"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 740"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 750"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 751"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 752"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 753"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 754"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3591163

09 Dec 2025 02:14Current

CVSS 3.16.6

EPSS0.00052

CWE-306