CVE-2025-42928
Published: 09 December 2025
Description
Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability, resulting in high impact on confidentiality, integrity and availability of the system.
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely flaw remediation through patching, directly addressing the deserialization vulnerability in SAP jConnect as recommended in SAP security notes.
SI-10 enforces validation of information inputs, preventing exploitation via specially crafted input that triggers the deserialization leading to RCE.
AC-6 enforces least privilege, reducing the attack surface by limiting high-privileged user accounts (PR:H) capable of exploiting the vulnerability.
Security Summary
CVE-2025-42928 is a deserialization vulnerability (CWE-502) in SAP jConnect that enables remote code execution under certain conditions. A high-privileged user can exploit it by providing specially crafted input, leading to high impact on the confidentiality, integrity, and availability of the affected system. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and was published on 2025-12-09.
A high-privileged user (PR:H) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N). Successful exploitation results in remote code execution with a changed scope (S:C), granting high-level compromise of confidentiality, integrity, and availability (C:H/I:H/A:H).
SAP advisories provide mitigation details in security note 3685286 and via the SAP Security Patch Day at the referenced URLs, recommending application of available patches to address the vulnerability.
Details
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The deserialization vulnerability (CWE-502) is exploited over the network by a high-privileged user to achieve remote code execution with a scope change, which maps directly to Exploitation of Remote Services (T1210) and Exploitation for Privilege Escalation (T1068).