SAP NetWeaver Application Server ABAP is a component of the SAP NetWeaver platform that serves as the runtime environment for ABAP-based applications in the SAP system landscape. It is specifically designed to host and execute applications developed using the ABAP programming language.

SAP NetWeaver Application Server ABAP

RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-42989	CRITICAL	9.6	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Jun 10, 2025
CVE-2025-42945	MEDIUM	6.1	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Aug 12, 2025
CVE-2025-42956	MEDIUM	6.1	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Jul 08, 2025
CVE-2025-42981	MEDIUM	6.1	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Jul 08, 2025
CVE-2025-42969	MEDIUM	6.1	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Jul 08, 2025

CVE-2025-42989:
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

9.6

Related SAP NetWeaver Application Server ABAP vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-42989: SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation