CVE-2025-42935 MEDIUM

CVE-2025-42935: Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)

Vendor Sap_Se
Product SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)
Weakness CWE-532 · Sensitive info in logs
Published August 12, 2025
Last update August 12, 2025

CVSS base score

4.1/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.

Key dates

02Disclosure timeline

August 12, 2025 CVE published
August 12, 2025 Record updated