PT-2025-41840 · Sap · Sap Netweaver Application Server Abap

Published 2025-10-14 · Updated 2025-10-14 · CVE-2025-42908

CVSS v3.1: 5.4
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Application Server for ABAP (affected versions not specified)

Description

A Cross-Site Request Forgery (CSRF) issue exists in SAP NetWeaver Application Server for ABAP. An authenticated attacker may be able to initiate transactions directly through the session manager, circumventing the initial transaction screen and its associated authorization checks. This could allow the attacker to perform actions and execute transactions without the necessary permissions, potentially compromising system integrity and confidentiality by granting unauthorized access to restricted functionality. There is no impact to availability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-42908

Affected Products

Sap Netweaver Application Server Abap