What is the CVSS score of CVE-2025-42963?

CVE-2025-42963 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Java are affected by CVE-2025-42963?

CVE-2025-42963 presents critical security risk, a insecure deserialization vulnerability rated CVSS 9.1.

How to fix or mitigate CVE-2025-42963?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Restrict deserialization to trusted data sources and implement integrity checks.

Java CVE-2025-42963

EUVD-2025-20346 CRITICAL

Deserialization of Untrusted Data (CWE-502)

2025-07-08 cna@sap.com

Java Deserialization SAP

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20346

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

CVE Published

Jul 08, 2025 - 01:15 nvd

CRITICAL 9.1

DescriptionNVD

A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

Analysis

Technical ContextAI

Insecure deserialization occurs when untrusted data is used to reconstruct objects, allowing attackers to manipulate serialized data to execute arbitrary code. This vulnerability is classified as Deserialization of Untrusted Data (CWE-502).

RemediationAI

Avoid deserializing untrusted data. Use safe serialization formats (JSON instead of native serialization). Implement integrity checks on serialized data.

CVE-2025-42963 vulnerability details – vuln.today

Back

Java CVE-2025-42963

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code