CVE-2025-42908 is a Cross-Site Request Forgery (CSRF) vulnerability identified in SAP NetWeaver Application Server for ABAP, impacting multiple versions including KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, and 9.16. The vulnerability arises because the session manager allows an authenticated attacker to initiate transactions directly, bypassing the first transaction screen and its associated authorization checks. This bypass means that the attacker can execute transactions that normally require specific permissions without those permissions being verified at the initial stage. The flaw compromises the confidentiality and integrity of the SAP system by enabling unauthorized access to restricted functionality and potentially sensitive data. The vulnerability does not affect availability, meaning the system remains operational but is at risk of unauthorized data manipulation or disclosure. The CVSS v3.1 base score is 5.4, reflecting a medium severity level, with the vector indicating network attack vector, low attack complexity, requiring privileges, no user interaction, and impacting confidentiality and integrity. No patches or exploits are currently publicly available, but the vulnerability is officially published and should be addressed promptly. The root cause is a CSRF weakness (CWE-352), where the application fails to properly validate the origin of requests, allowing attackers to forge requests within an authenticated session.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of critical business processes managed through SAP NetWeaver Application Server for ABAP. Unauthorized transaction execution could lead to data leakage, unauthorized changes to financial records, or manipulation of business-critical workflows. Given SAP's widespread use in Europe across sectors such as manufacturing, finance, utilities, and public administration, exploitation could disrupt trust in enterprise data and compliance with data protection regulations like GDPR. Although availability is not impacted, the integrity compromise could result in financial losses, regulatory penalties, and reputational damage. Attackers with valid credentials could leverage this vulnerability to escalate privileges indirectly or perform unauthorized operations, increasing insider threat risks. The lack of user interaction required simplifies exploitation once authentication is obtained, emphasizing the importance of strong access controls and monitoring.

European organizations should immediately assess their SAP NetWeaver Application Server for ABAP versions against the affected list and prioritize patching once SAP releases official fixes. In the interim, implement strict session management controls, including enforcing anti-CSRF tokens on all transaction requests and validating the origin of requests to prevent forgery. Restrict and monitor privileged user accounts to reduce the risk of credential compromise. Employ network segmentation and application-layer firewalls to limit exposure of SAP interfaces to trusted networks only. Enable detailed logging and real-time monitoring of transaction initiation to detect anomalous or unauthorized activities promptly. Conduct regular security audits and penetration testing focused on SAP environments to identify potential exploitation paths. Educate users on secure authentication practices and enforce multi-factor authentication (MFA) to reduce the risk of credential misuse. Collaborate with SAP support and security advisories to stay informed about patches and updates related to this vulnerability.