CVE-2025-42996 MEDIUM

CVE-2025-42996: Multiple vulnerabilities in SAP MDM Server

Vendor Sap_Se
Product SAP MDM Server
Weakness CWE-590
Published June 10, 2025
Last update June 10, 2025

CVSS base score

5.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing low impact on confidentiality, integrity and availibility of the application.

Key dates

02Disclosure timeline

June 10, 2025 CVE published
June 10, 2025 Record updated