CVE-2025-42877 Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server

🗓️ 09 Dec 2025 02:14:51Reported by sapType

Unauthenticated access triggers memory corruption in SAP Web Dispatcher and Content Server, impacting availability.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-42877	9 Dec 202507:42	–	circl
CNNVD	SAP多款产品缓冲区错误漏洞	9 Dec 202500:00	–	cnnvd
CVE	CVE-2025-42877	9 Dec 202502:14	–	cve
EUVD	EUVD-2025-201850	9 Dec 202518:30	–	euvd
NCSC	Vulnerabilities fixed in SAP Software	12 Dec 202509:29	–	ncsc
NVD	CVE-2025-42877	9 Dec 202516:17	–	nvd
Positive Technologies	PT-2025-49767	9 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42877	10 Dec 202502:32	–	redhatcve
Vulnrichment	CVE-2025-42877 Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server	9 Dec 202502:14	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Web Dispatcher, Internet Communication Manager and SAP Content Server",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "KRNL64UC 7.53"
      },
      {
        "status": "affected",
        "version": "WEBDISP 7.53"
      },
      {
        "status": "affected",
        "version": "7.54"
      },
      {
        "status": "affected",
        "version": "XS_ADVANCED_RUNTIME 1.00"
      },
      {
        "status": "affected",
        "version": "SAP_EXTENDED_APP_SERVICES 1"
      },
      {
        "status": "affected",
        "version": "CONTSERV 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.53"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3677544

09 Dec 2025 02:14Current

CVSS 3.17.5

EPSS0.00132

CWE-787