{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-42954","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","state":"PUBLISHED","assignerShortName":"sap","dateReserved":"2025-04-16T13:25:39.583Z","datePublished":"2025-07-08T00:34:51.556Z","dateUpdated":"2025-07-08T16:14:30.204Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP NetWeaver Business Warehouse (CCAW application)","vendor":"SAP_SE","versions":[{"status":"affected","version":"DW4CORE 100"},{"status":"affected","version":"200"},{"status":"affected","version":"300"},{"status":"affected","version":"400"},{"status":"affected","version":"SAP_BW 700"},{"status":"affected","version":"701"},{"status":"affected","version":"702"},{"status":"affected","version":"731"},{"status":"affected","version":"740"},{"status":"affected","version":"750"},{"status":"affected","version":"751"},{"status":"affected","version":"752"},{"status":"affected","version":"753"},{"status":"affected","version":"754"},{"status":"affected","version":"755"},{"status":"affected","version":"756"},{"status":"affected","version":"757"},{"status":"affected","version":"758"},{"status":"affected","version":"816"},{"status":"affected","version":"SAP_BW_VIRTUAL_COMP 701"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity.</p>"}],"value":"SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":2.7,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-835","description":"CWE-835: Loop with Unreachable Exit Condition","lang":"eng","type":"CWE"}]}],"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2025-07-08T00:34:51.556Z"},"references":[{"url":"https://me.sap.com/notes/3608156"},{"url":"https://url.sap/sapsecuritypatchday"}],"source":{"discovery":"UNKNOWN"},"title":"Denial of service (DOS) in SAP NetWeaver Business Warehouse (CCAW application)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-08T14:31:10.735973Z","id":"CVE-2025-42954","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-08T16:14:30.204Z"}}]}}