CVE-2025-42928 CRITICAL

CVE-2025-42928: Deserialization Vulnerability in SAP jConnect - SDK for ASE

Vendor Sap_Se

Product SAP jConnect - SDK for ASE

Weakness CWE-502 · Unsafe deserialization

Published December 9, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and availability of the system.

Key dates

02Disclosure timeline

December 9, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-42928

Related vulnerabilities

Identifiers

CVE CVE-2025-42928

CWE CWE-502

CVSS 9.1 / CRITICAL

Affected versions

Vendor Sap_Se

Product SAP jConnect - SDK for ASE

Affected SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4

Vendor Sap_Se

Product SAP jConnect - SDK for ASE

Affected 16.1

CVE-2025-42928: Deserialization Vulnerability in SAP jConnect - SDK for ASE

01Description

02Disclosure timeline

03References

04Related CVE