

Multiple IBM Products Vulnerabilities
July 15, 2025
CVE-2025-6265 – Zyxel NWA50AX PRO Firmware Vulnerability
July 15, 2025
Severity
Medium
Analysis Summary
CVE-2025-42971 CVSS:4
SAP SAPCAR could allow a local authenticated attacker to execute arbitrary code on the system, caused by a memory corruption flaw.
CVE-2025-42970 CVSS:5.8
SAP SAPCAR could allow a local authenticated attacker to traverse directories on the system to overwrite arbitrary files in unintended locations.
CVE-2025-42969 CVSS:6.1
SAP NetWeaver Application Server ABAP and ABAP Platform are vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
CVE-2025-42968 CVSS:5
SAP NetWeaver (RFC enabled function module) could allow a remote authenticated attacker to obtain non-sensitive information about the SAP system and OS, caused by improper authorization validation.
CVE-2025-42965 CVSS:4.1
SAP BusinessObjects BI Platform Central Management Console Promotion Management Application is vulnerable to server-side request forgery, caused by improper input validation during job source configuration.
Impact
- Gain Access
- Code Execution
- Cross-Site Scripting
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-42971
CVE-2025-42970
CVE-2025-42969
CVE-2025-42968
CVE-2025-42965
Affected Vendors
Affected Products
- SAP NetWeaver Application Server ABAP
- SAPCAR
- SAP BusinessObjects BI Platform Central Management Console Promotion Management Application
Remediation
Refer to the SAP website for patch, upgrade, or suggested workaround information.