CVE-2025-42954 LOW

CVE-2025-42954: Denial of service (DOS) in SAP NetWeaver Business Warehouse (CCAW application)

Vendor Sap_Se
Product SAP NetWeaver Business Warehouse (CCAW application)
Weakness CWE-835
Published July 8, 2025
Last update July 8, 2025

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity.

Key dates

02Disclosure timeline

July 8, 2025 CVE published
July 8, 2025 Record updated