1. Home
  2. CVE Database
  3. CVE-2025-42902
MEDIUM · 5.3

CVE-2025-42902

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application ...

Vulnerability Description

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Related Weaknesses (CWE)

CWE-476

References

FAQ

What is CVE-2025-42902?

CVE-2025-42902 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application ...

How severe is CVE-2025-42902?

CVE-2025-42902 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-42902?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.