CVE-2025-42877 HIGH

CVE-2025-42877: Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server

Vendor Sap_Se
Product SAP Web Dispatcher, Internet Communication Manager and SAP Content Server
Weakness CWE-787
Published December 9, 2025
Last update December 9, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.

Key dates

02Disclosure timeline

December 9, 2025 CVE published
December 9, 2025 Record updated