CVE-2025-42895 MEDIUM

CVE-2025-42895: Code Injection vulnerability in SAP HANA JDBC Client

Vendor SAP SE
Product SAP HANA JDBC Client
Weakness CWE-94 · Code injection
Published November 11, 2025
Last update November 12, 2025

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H

What the vulnerability does

01 Description

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability of the application.

Key dates

02 Disclosure timeline

November 11, 2025 CVE published
November 12, 2025 Record updated