Cyber Posture

CVE-2025-42878

Severity: High
Published: 09 December 2025
Modified: 15 April 2026
KEV Added: none listed
Patch: available (SAP security note 3684682)
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H)
EPSS Score: 0.0016 (35.9th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production use. If these interfaces are enabled, unauthenticated attackers can reach them over the network to read diagnostics, send crafted requests, or disrupt the service. The vulnerability has a high impact on confidentiality and availability and a low impact on the integrity of the application.

Mitigating Controls (NIST 800-53 r5)

Prevent: CM-7 Least Functionality. Removes the exposure directly by prohibiting non-essential internal testing interfaces in production SAP Web Dispatcher and ICM configurations.

Prevent: CM-6 Configuration Settings. Enforces documented, restrictive configurations in which unintended testing interfaces are disabled and verifies that they stay disabled; this reduces exposure but does not replace the vendor fix.

Prevent: SI-2 Flaw Remediation. Requires timely application of SAP security note 3684682, which corrects the exposure of the testing interfaces.

Security Summary

CVE-2025-42878 is a vulnerability in SAP Web Dispatcher and Internet Communication Manager (ICM) that may expose internal testing interfaces not intended for production use. If these interfaces are enabled, they can be exploited, resulting in high impact on confidentiality and availability, with low impact on integrity. The vulnerability is rated with a CVSS v3.1 base score of 8.2 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H) and is associated with CWE-1244.

Unauthenticated attackers can exploit this vulnerability over the network, but the attack complexity is high and user interaction is required, which is why the base score stays below the Critical range despite the changed scope and the high confidentiality and availability impacts. Successful exploitation lets an attacker read diagnostics, send crafted requests, or disrupt the service, exposing sensitive information and affecting availability while having only limited effect on integrity.

SAP provides mitigation guidance in security note 3684682 (https://me.sap.com/notes/3684682) and details on the SAP Security Patch Day page (https://url.sap/sapsecuritypatchday).

Details

CWE(s): CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Exposed testing interfaces on a public-facing SAP Web Dispatcher or ICM give an attacker an initial foothold (T1190); reaching the diagnostics accounts for the confidentiality impact, and crafted requests that disrupt the service account for the availability impact (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

SAP security note 3684682: https://me.sap.com/notes/3684682
SAP Security Patch Day: https://url.sap/sapsecuritypatchday