What is the CVSS score of CVE-2025-42953?

CVE-2025-42953 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of SAP are affected by CVE-2025-42953?

CVE-2025-42953 presents notable security risk, a missing authorization vulnerability rated CVSS 8.1.

How to fix or mitigate CVE-2025-42953?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

SAP CVE-2025-42953

EUVD-2025-20352 HIGH

Missing Authorization (CWE-862)

2025-07-08 cna@sap.com

Authentication Bypass SAP

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20352

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

CVE Published

Jul 08, 2025 - 01:15 nvd

HIGH 8.1

DescriptionNVD

SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.

AnalysisAI

CVE-2025-42953 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-862 (Missing Authorization). CVSS 8.1 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-42953 vulnerability details – vuln.today

Back