CVE-2025-42885 MEDIUM

CVE-2025-42885: Missing authentication in SAP HANA 2.0 (hdbrss)

Vendor Sap_Se
Product SAP HANA 2.0 (hdbrss)
Weakness CWE-306 · Missing auth
Published November 11, 2025
Last update November 12, 2025

CVSS base score

5.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system.

Key dates

02Disclosure timeline

November 11, 2025 CVE published
November 12, 2025 Record updated