CVE-2025-42995
Published: 10 June 2025
Summary
CVE-2025-42995 is a high-severity Free of Memory not on the Heap (CWE-590) vulnerability in SAP (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, it ranks at the 47.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-17594
Vulnerability details
SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.