SideWinder APT Group aka Rattlesnake – Active IOCs
July 14, 2025
Severity
Medium
Analysis Summary
CVE-2025-42956 CVSS: 6.1
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, the injected input data is used by the web site's page generation to create content which, when executed in the victim's browser, leads to low impact on Confidentiality and Integrity with no effect on Availability of the application.
CVE-2025-43001 CVSS: 6.9
SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.
CVE-2025-42992 CVSS: 6.9
SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system.
CVE-2025-42986 CVSS: 4.3
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.
CVE-2025-42985 CVSS: 6.1
Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.
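CVE-2025-42956 and CVE-2025-42985 are both reflected cross-site scripting: a value from the request URL is copied into the generated page without context-appropriate encoding. The snippet below is an added example, unrelated to SAP's code, that shows the defect and the fix side by side in Python's standard library, plus the kind of check a reviewer or scanner uses to confirm a parameter is reflected unencoded. The page template and the constructed test input are illustrative only.

```python
import html
from urllib.parse import parse_qs, urlsplit


def render_unsafe(query_string: str) -> str:
    """Vulnerable pattern: the 'q' parameter is interpolated verbatim into
    HTML, so any markup in the URL becomes markup in the page."""
    q = parse_qs(urlsplit("?" + query_string).query).get("q", [""])[0]
    return f'<h1>Results for {q}</h1><input name="q" value="{q}">'


def render_safe(query_string: str) -> str:
    """Hardened pattern: encode for the HTML text and attribute contexts.
    quote=True also escapes ' and " so the value cannot close the attribute."""
    q = parse_qs(urlsplit("?" + query_string).query).get("q", [""])[0]
    encoded = html.escape(q, quote=True)
    return f'<h1>Results for {encoded}</h1><input name="q" value="{encoded}">'


def is_reflected_unencoded(param_value: str, page: str) -> bool:
    """Detection check: does the raw parameter value (containing HTML
    metacharacters) appear byte-for-byte in the response body?"""
    has_meta = any(c in param_value for c in '<>"\'')
    return has_meta and param_value in page


if __name__ == "__main__":
    # Constructed input with an HTML tag and a quote, to exercise both contexts.
    probe = 'a"><b title="x'
    qs = "q=" + probe.replace('"', "%22").replace(">", "%3E").replace("<", "%3C")
    print("unsafe reflected:", is_reflected_unencoded(probe, render_unsafe(qs)))
    print("safe reflected:  ", is_reflected_unencoded(probe, render_safe(qs)))
    print(render_safe(qs))
```

The reflection check is deliberately simple: it answers only whether encoding is missing, which is the property to fix. Response headers such as a Content-Security-Policy reduce impact but do not replace output encoding at the point where untrusted data meets the page.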
Impact
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
CVE-2025-42956
CVE-2025-43001
CVE-2025-42992
CVE-2025-42986
CVE-2025-42985
Affected Vendors
- SAP
Affected Products
- SAP NetWeaver Application Server ABAP
- SAPCAR
- SAP BusinessObjects Content Administrator Workbench
- SAP NetWeaver Application Server ABAP SAP_BASIS 700
Remediation
Refer to SAP Website for patch, upgrade, or suggested workaround information.