CVE-2025-42954
Denial of service (DOS) in SAP NetWeaver Business Warehouse (CCAW application)
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
08 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Affected products
SAP_SE · SAP NetWeaver Business Warehouse (CCAW application)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →