CVE-2025-42878NVD

Vulnerability Summary

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application.

Severity Level

HIGH(8.2)

Published Date

Dec 9, 2025

Last Modified

Dec 9, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-1244: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredNone

User InteractionRequired

ScopeChanged

ConfidentialityHigh

IntegrityLow

AvailabilityHigh

External References

https://me.sap.com/notes/3684682
https://url.sap/sapsecuritypatchday