CVE-2025-42966
Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
SAP_SE · SAP NetWeaver (XML Data Archiving Service)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →