Cyber Posture

CVE-2025-42937

Critical

Published: 14 October 2025

Published
14 October 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0030 52.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-42937 is a critical-severity Path Traversal: '.../...//' (CWE-35) vulnerability in Sap (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses the insufficient validation of user-provided path information to prevent directory traversal and unauthorized file overwrites.

SI-2 Flaw Remediation good match
prevent

Mandates timely identification, reporting, and correction of flaws like this critical directory traversal vulnerability through patching as recommended in SAP security notes.

SI-7 Software, Firmware, and Information Integrity partial match
detect

Provides integrity monitoring to detect unauthorized overwrites of system files resulting from successful directory traversal exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability is a path traversal in SAP Print Service allowing unauthenticated remote attackers to overwrite system files, directly enabling exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application.

Deeper analysisAI

CVE-2025-42937 is a critical directory traversal vulnerability in SAP Print Service (SAPSprint), stemming from insufficient validation of user-provided path information (CWE-35). This flaw allows attackers to access parent directories and overwrite system files, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its potential for high impact on confidentiality, integrity, and availability.

An unauthenticated attacker can exploit this vulnerability remotely over the network with low attack complexity and no user interaction or privileges required. By supplying specially crafted path data to SAPSprint, the attacker can traverse directories and overwrite critical system files, enabling full compromise of the affected application.

SAP has published mitigation details in security note 3630595 at https://me.sap.com/notes/3630595, as part of their SAP Security Patch Day resources at https://url.sap/sapsecuritypatchday. Security practitioners should review these advisories and apply the provided patches immediately to affected systems.

Details

CWE(s)
CWE-35

Affected Products

Sap
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-41723Shared CWE-35
CVE-2025-24685Shared CWE-35
CVE-2026-25397Shared CWE-35
CVE-2024-49249Shared CWE-35
CVE-2025-59793Shared CWE-35
CVE-2025-25122Shared CWE-35
CVE-2025-67914Shared CWE-35
CVE-2025-26354Shared CWE-35
CVE-2024-54362Shared CWE-35
CVE-2025-22205Shared CWE-35

References