What is the CVSS score of CVE-2025-42995?

CVE-2025-42995 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of SAP are affected by CVE-2025-42995?

SAP MDM Server instances are vulnerable to a denial-of-service attack that could cause unexpected service outages, impacting business operations that depend on master data availability.

How to fix or mitigate CVE-2025-42995?

Within 24 hours: Identify and inventory all SAP MDM Server instances in your environment and assess their criticality to business operations. Within 7 days: Implement network segmentation to restrict access to MDM servers and deploy WAF rules to filter malicious packet patterns; disable non-essential read functions if operationally feasible. Within 30 days: Monitor SAP security channels for patch availability and establish a change management process for immediate deployment once available.

SAP CVE-2025-42995

EUVD-2025-17594 HIGH

Free of Memory not on the Heap (CWE-590)

2025-06-10 cna@sap.com

Denial Of Service Memory Corruption SAP

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17594

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

CVE Published

Jun 10, 2025 - 01:15 nvd

HIGH 7.5

DescriptionNVD

SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.

AnalysisAI

Denial-of-service vulnerability in SAP MDM Server's Read function that allows unauthenticated network attackers to trigger memory read access violations by sending specially crafted packets, causing the server process to crash and become unavailable. The vulnerability affects SAP MDM Server with a CVSS score of 7.5 (high severity) but is limited to availability impact with no confidentiality or integrity compromise. Status of active exploitation (KEV) and proof-of-concept availability are not specified in available intelligence.

Technical ContextAI

The vulnerability exists in SAP MDM Server's Read function implementation and is classified under CWE-590 (Improper Null Dereference or Insufficient Null Checking), indicating the root cause involves improper memory access handling or null pointer dereference logic. The flaw allows attackers to craft malicious network packets that trigger unhandled memory read exceptions in the server process. SAP MDM (Master Data Management) is an enterprise data governance platform that typically runs on Windows or Linux infrastructure and handles critical business data through network-accessible services. The Read function processes incoming network requests, and insufficient input validation or bounds checking allows crafted packets to reference invalid memory addresses, causing an access violation that terminates the process rather than being gracefully handled.

RemediationAI

Immediate remediation steps: (1) Contact SAP support or monitor SAP Security Advisories for available patches and their version numbers; (2) If patches are unavailable, implement network-level controls restricting access to SAP MDM Server ports (typically TCP 50000-50050 for default installations) to trusted internal networks only; (3) Deploy intrusion detection signatures to identify specially crafted packets targeting the Read function; (4) Monitor SAP MDM Server process logs for repeated crashes or access violation errors; (5) Implement high-availability clustering or failover mechanisms to automatically restart crashed MDM instances to reduce downtime impact. Temporary workarounds pending patches include: disabling external network access to MDM ports, requiring VPN connectivity, implementing packet inspection firewalls, or reducing server exposure through network segmentation. Once SAP publishes patches, apply them to all affected MDM instances in a controlled maintenance window, testing thoroughly in non-production environments first given the critical nature of MDM systems.

CVE-2025-42995 vulnerability details – vuln.today

Back

SAP CVE-2025-42995

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code