SAP NetWeaver AS ABAP Multiple Vulnerabilities (October 2025)

Published: 17 Oct 2025 | Reported by: Tenable | Type: nessus | Source: www.tenable.com

SAP NetWeaver AS ABAP is affected by three flaws: a memory corruption that crashes a work process, exposure of user input kept in the browser's local storage, and a cross-site request forgery that enables unauthorized transactions.

Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(270697);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/17");

  script_cve_id(
    "CVE-2025-0059",
    "CVE-2025-42902",
    "CVE-2025-42908"
  );
  script_xref(name:"IAVB", value:"2025-A-0739");

  script_name(english:"SAP NetWeaver AS ABAP Multiple Vulnerabilities (October 2025)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SAP NetWeaver ABAP server may be affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of SAP NetWeaver Application Server for ABAP detected on the remote host is affected by multiple
vulnerabilities as disclosed in the SAP Security Patch Day October 2025:

  - Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated
  attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This
  leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the
  availability but no impact on the confidentiality and integrity. (CVE-2025-42902)
  
  - Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the
  local browser storage to improve usability. An attacker with administrative privileges or access to the
  victim's user directory on the Operating System level would be able to read this data. Depending on the user
  input provided in transactions, the disclosed data could range from non-critical data to highly sensitive
  data, causing high impact on confidentiality of the application. (CVE-2025-0059)

  - Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an
  authenticated attacker could initiate transactions directly via the session manager, bypassing the first
  transaction screen and the associated authorization check. This vulnerability could allow the attacker to
  perform actions and execute transactions that would normally require specific permissions, compromising the
  integrity and confidentiality of the system by enabling unauthorized access to restricted functionality.
  There is no impact to availability from this vulnerability. (CVE-2025-42908)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9950e280");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3627308");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3503138");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3642021");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-0059");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/01/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/01/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/17");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:netweaver_application_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sap_netweaver_as_web_detect.nbin");
  script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80, 443, 8000, 50000);

  exit(0);
}

include('vcf_extras_sap.inc');

var app_info = vcf::sap_netweaver_as::get_app_info();

if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

var constraints = [
  {'equal': '7.22', 'fixed_display': 'See vendor advisory'},
  {'equal': '7.53', 'fixed_display': 'See vendor advisory'},
  {'equal': '7.54', 'fixed_display': 'See vendor advisory'},
  {'equal': '7.77', 'fixed_display': 'See vendor advisory'},
  {'equal': '7.89', 'fixed_display': 'See vendor advisory'},
  {'equal': '7.93', 'fixed_display': 'See vendor advisory'},
  {'equal': '9.12', 'fixed_display': 'See vendor advisory'},
  {'equal': '9.14', 'fixed_display': 'See vendor advisory'},
  {'equal': '9.15', 'fixed_display': 'See vendor advisory'},
  {'equal': '9.16', 'fixed_display': 'See vendor advisory'}
];

vcf::sap_netweaver_as::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING,
  abap:true
);
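The plugin above only compares the self-reported release against a fixed list and is gated on Paranoid mode, because it cannot tell whether the referenced SAP Notes were applied. The following added model of that decision flow is illustration written for this page, not Tenable's vcf library; it assumes exact string comparison of release numbers and that abap:true restricts the finding to ABAP stacks.

```python
from dataclasses import dataclass

# Affected release strings, copied from the plugin's constraint list.
AFFECTED_RELEASES = {
    "7.22", "7.53", "7.54", "7.77", "7.89", "7.93",
    "9.12", "9.14", "9.15", "9.16",
}
FIXED_DISPLAY = "See vendor advisory"
CVES = ("CVE-2025-0059", "CVE-2025-42902", "CVE-2025-42908")


@dataclass(frozen=True)
class AppInfo:
    version: str  # self-reported release, e.g. "7.53" (constructed sample)
    abap: bool    # True when the detected stack is AS ABAP


def evaluate(app: AppInfo, report_paranoia: int) -> dict:
    """Model of the plugin's outcome for one detected instance.

    Status strings are stand-ins for the NASL audit/severity constants.
    The check is release-level only: a 7.53 system that already has the
    SAP Notes applied still matches, which is why the plugin requires
    Paranoid mode and is tagged potential_vulnerability.
    """
    if report_paranoia < 2:
        return {"status": "AUDIT_PARANOID", "version": app.version}
    if not app.abap:
        # Assumed meaning of abap:true in the original call.
        return {"status": "NOT_ABAP", "version": app.version}
    version = app.version.strip()
    if version in AFFECTED_RELEASES:
        return {
            "status": "SECURITY_WARNING",
            "version": version,
            "fixed": FIXED_DISPLAY,
            "cves": CVES,
        }
    return {"status": "NOT_VULNERABLE", "version": version}
```

Confirm remediation by checking the installed SAP Note level rather than trusting this release-only match.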

Scores (as of 17 Oct 2025): Vulners AI Score 6.1 (medium risk); CVSS 3.1: 6; EPSS: 0.0008; SSVC: 3