Is CVE-2025-42874 actively exploited?

CVE-2025-42874 has no public evidence of in-the-wild exploitation as of 2026-04-15.

What is the CVSS score for CVE-2025-42874?

CVE-2025-42874 has a CVSS score of 7.9 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H.

How do I patch CVE-2025-42874?

Patch guidance is available from SAP security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-42874.

Which products are affected by CVE-2025-42874?

1 product: SAP Refer to Description.

Fix CVE-2025-42874 - HIGH SAP Refer to Description

Description

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction and could lead to service disruption or unauthorized system control. This has high impact on integrity and availability, with no impact on confidentiality.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:H
Attack Vector: network
Complexity: high
Privileges: high
User Action: none
Scope: changed
Confidentiality: low
Integrity: high
Availability: high
Weaknesses: CWE-405

Metadata

Primary Vendor: SAP
Published: 12/9/2025
Last Modified: 4/15/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

SAP : Refer to Description

Remediation Guidance

Executive Summary

Cite this page

CVE-2025-42874. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-42874

View on NIST NVD

CVE-2025-42874 vulnerability