CVE-2025-42995 HIGH

CVE-2025-42995: Multiple vulnerabilities in SAP MDM Server

Vendor Sap_Se
Product SAP MDM Server
Weakness CWE-590
Published June 10, 2025
Last update June 10, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.

Key dates

02Disclosure timeline

June 10, 2025 CVE published
June 10, 2025 Record updated