CVE-2025-42959

High CVSS: 8.1

An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.

Vendor

Product

CWE

CWE-308

Yayın Tarihi

2025-07-08 01:15:22

Güncelleme

2025-07-08 16:18:14

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-308 HIGH 2025

Referanslar

https://me.sap.com/notes/3600846 https://url.sap/sapsecuritypatchday