CVE-2025-42878 HIGH

CVE-2025-42878: Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)

Vendor Sap_Se
Product SAP Web Dispatcher and Internet Communication Manager (ICM)
Weakness CWE-1244
Published December 9, 2025
Last update December 9, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H

What the vulnerability does

01Description

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application.

Key dates

02Disclosure timeline

December 9, 2025 CVE published
December 9, 2025 Record updated