VDB
CISA-2025-42878
CISA-2025-42878
PUBLISHED
CVSS 8.2 HIGH
Reported by sap · Published December 9, 2025
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application.
Risk Scores
CVSS 3.1
8.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22 |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | 7.22EXT, KRNL64UC 7.22, 7.53 |
Timeline
- Dec 9, 2025 CVE Published
- Dec 9, 2025 CVE Updated