VDB

CISA-2025-42878

CISA-2025-42878 PUBLISHED CVSS 8.2 HIGH

Reported by sap · Published December 9, 2025

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application.

Risk Scores

CVSS 3.1
8.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H

Affected Products

VendorProductVersions
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)7.22EXT, KRNL64UC 7.22, 7.53

Timeline

  • Dec 9, 2025 CVE Published
  • Dec 9, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›