1. Home
  2. CVE Database
  3. CVE-2025-42874
HIGH · 7.9

CVE-2025-42874

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper ...

Vulnerability Description

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction and could lead to service disruption or unauthorized system control. This has high impact on integrity and availability, with no impact on confidentiality.

CVSS Score

7.9

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
HIGH

Related Weaknesses (CWE)

CWE-405

References

FAQ

What is CVE-2025-42874?

CVE-2025-42874 is a vulnerability with a CVSS score of 7.9 (HIGH). SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper ...

How severe is CVE-2025-42874?

CVE-2025-42874 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-42874?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.