CVE-2025-42976 HIGH

CVE-2025-42976: Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)

Vendor SAP SE
Product SAP NetWeaver Application Server ABAP (BIC Document)
Weakness CWE-125
Published August 12, 2025
Last update August 13, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01 Description

SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can make the target completely unavailable. A similarly crafted submission can be used to perform an out-of-bounds read operation as well, revealing sensitive information that is loaded in memory at that time. There is no ability to modify any information.

Key dates

02 Disclosure timeline

August 12, 2025 CVE published
August 13, 2025 Record updated