EUVD-2025-201853

🗓️ 09 Dec 2025 18:30:37Reported by EUVDType

Remote code execution via input validation flaw in SAP NetWeaver Xcelsius; no user interaction.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-42874	9 Dec 202507:43	–	circl
CNNVD	SAP NetWeaver 安全漏洞	9 Dec 202500:00	–	cnnvd
CVE	CVE-2025-42874	9 Dec 202502:14	–	cve
Cvelist	CVE-2025-42874 Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)	9 Dec 202502:14	–	cvelist
NCSC	Vulnerabilities fixed in SAP Software	12 Dec 202509:29	–	ncsc
NVD	CVE-2025-42874	9 Dec 202516:17	–	nvd
Positive Technologies	PT-2025-49764	9 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42874	10 Dec 202502:32	–	redhatcve
Tenable Nessus	SAP NetWeaver AS Java DoS (December 2025)	11 Dec 202500:00	–	nessus
Vulnrichment	CVE-2025-42874 Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)	9 Dec 202502:14	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "a8f29ddc-1b06-3286-9c54-caab950e5b05",
        "vendor": {
          "name": "SAP_SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "08ebc60a-6d48-3786-abe1-f1cc694bb1bc",
        "product": {
          "name": "SAP NetWeaver (remote service for Xcelsius)"
        },
        "product_version": "BI-BASE-S 7.50"
      },
      {
        "id": "0c3a8018-df9e-3774-b6fa-00217ac0de8b",
        "product": {
          "name": "SAP NetWeaver (remote service for Xcelsius)"
        },
        "product_version": "BI-BASE-E 7.50"
      },
      {
        "id": "0db00a71-1ee5-370c-adce-0135a01dbd4e",
        "product": {
          "name": "SAP NetWeaver (remote service for Xcelsius)"
        },
        "product_version": "BI-BASE-B 7.50"
      },
      {
        "id": "3ec9f55f-9c84-324c-93f9-414d866495d0",
        "product": {
          "name": "SAP NetWeaver (remote service for Xcelsius)"
        },
        "product_version": "BI-IBC 7.50"
      },
      {
        "id": "c0e138e1-30e8-3f4d-962d-f2d64846cee2",
        "product": {
          "name": "SAP NetWeaver (remote service for Xcelsius)"
        },
        "product_version": "BIWEBAPP 7.50"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3640185
url	www.url.sap/sapsecuritypatchday
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-42874

09 Dec 2025 18:30Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.9

EPSS0.00061

SSVC