Multiple SAP Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-42982 CVSS:8.8

SAP GRC (AC Plugin) could allow a remote authenticated attacker to access and initiate transaction to modify or control the transmitted system credentials, caused by an missing authorization valuation.

CVE-2025-42977 CVSS:7.6

SAP NetWeaver Visual Composer could allow a remote authenticated attacker to traverse directories on the system to read or modify arbitrary files.

Impact

Gain Access
Data Manipulation

Indicators of Compromise

CVE

CVE-2025-42982
CVE-2025-42977

Affected Vendors

SAP

Affected Products

SAP GRC (AC Plugin) V1100_700
SAP GRC (AC Plugin) V1100_731
SAP NetWeaver Visual Composer VCBASE 7.50

Remediation

Refer to SAP Security Advisory for patch, upgrade, or suggested workaround information.(Login Required)

CVE-2025-42982

CVE-2025-42977

AsyncRAT – Active IOCs

Multiple Mozilla Products Vulnerabilities

Multiple SAP Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan