CVE-2025-42959

An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3600846
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) Un atacante no autenticado podría explotar una situación en la que una credencial de Código de Autenticación de Mensajes Hash (HMAC), extraída de un sistema sin parches de seguridad específicos, se reutiliza en un ataque de repetición contra otro sistema. Incluso si el sistema objetivo cuenta con todos los parches instalados, una explotación exitosa podría comprometer completamente el sistema, afectando la confidencialidad, la integridad y la disponibilidad.

08 Jul 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 01:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-42959

Mitre link : CVE-2025-42959

CVE.ORG link : CVE-2025-42959

JSON object : View

Products Affected

No product.

CWE

CWE-308

Use of Single-factor Authentication

8.1 /10