CVE-2025-42874 HIGH

CVE-2025-42874: Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)

Vendor SAP SE
Product SAP NetWeaver (remote service for Xcelsius)
Weakness CWE-405
Published December 9, 2025
Last update December 9, 2025

CVSS base score

7.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Scope Changed
Confidentiality Low
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H

What the vulnerability does

01 Description

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction and could lead to service disruption or unauthorized system control. This has high impact on integrity and availability, with no impact on confidentiality.

Key dates

02 Disclosure timeline

December 9, 2025 CVE published
December 9, 2025 Record updated