CVE-2025-42911: CWE-862: Missing Authorization in SAP_SE SAP NetWeaver (Service Data Download)
SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the application.
AI Analysis
Technical Summary
CVE-2025-42911 is a medium-severity vulnerability affecting SAP NetWeaver's Service Data Download functionality across multiple SAP_BASIS versions ranging from 700 to 816. The vulnerability is classified under CWE-862, which corresponds to Missing Authorization. Specifically, an authenticated user with at least low-level privileges can invoke a remote-enabled function module without proper authorization checks. This flaw allows the user to access information about the underlying SAP system and the operating system it runs on. While the vulnerability does not permit modification of data or disruption of service, it leaks system information that could be leveraged for further attacks. The CVSS 3.1 base score is 5.0, reflecting a network attack vector with low attack complexity, requiring privileges but no user interaction, and impacting confidentiality only. The scope is changed, indicating that the vulnerability affects resources beyond the initially vulnerable component. No known exploits are currently reported in the wild, and no patches are linked yet. The vulnerability's impact is limited to information disclosure, with no direct effect on integrity or availability.
Potential Impact
For European organizations, especially those heavily reliant on SAP NetWeaver for enterprise resource planning and business operations, this vulnerability poses a moderate risk. The unauthorized disclosure of system and OS information can aid attackers in crafting targeted attacks, such as privilege escalation or lateral movement within the network. Although the immediate confidentiality impact is low, the information leakage could be a stepping stone for more severe breaches. Organizations in regulated industries (finance, healthcare, manufacturing) may face compliance risks if sensitive system details are exposed. Given SAP's widespread use in Europe, the vulnerability could affect critical infrastructure and large enterprises, potentially leading to reputational damage and operational disruptions if exploited in chained attacks.
Mitigation Recommendations
Organizations should implement strict access controls and ensure that only trusted and necessary users have authenticated access to SAP NetWeaver systems. Monitoring and logging of remote function calls should be enhanced to detect unusual access patterns. Applying SAP security notes and patches as soon as they become available is critical. In the interim, restricting network access to SAP NetWeaver Service Data Download interfaces via network segmentation and firewall rules can reduce exposure. Conducting regular security audits and penetration testing focused on SAP environments will help identify and remediate authorization weaknesses. Additionally, applying the principle of least privilege to SAP user roles and disabling unused remote-enabled function modules can limit the attack surface.
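One way to implement the remote-function-call monitoring recommended above, as an added example that is not part of the original advisory. The record layout, user names, addresses and the module name `PLACEHOLDER_SDD_FM` are constructed for illustration; the advisory does not name the affected function module, and this is not the native SAP Security Audit Log format.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample records: timestamp,user,source_ip,function_module
BASELINE = """\
2025-09-01T08:00:01Z,SVC_MONITOR,10.0.0.5,PLACEHOLDER_SDD_FM
2025-09-01T08:05:10Z,JDOE,10.0.1.20,Z_SALES_REPORT
2025-09-02T08:00:02Z,SVC_MONITOR,10.0.0.5,PLACEHOLDER_SDD_FM
"""
WINDOW = """\
2025-09-09T08:00:01Z,SVC_MONITOR,10.0.0.5,PLACEHOLDER_SDD_FM
2025-09-09T11:42:17Z,JDOE,10.0.1.20,PLACEHOLDER_SDD_FM
2025-09-09T11:43:02Z,JDOE,10.0.1.20,Z_SALES_REPORT
2025-09-09T12:01:44Z,SVC_MONITOR,10.0.7.99,PLACEHOLDER_SDD_FM
"""
# Hypothetical watchlist: remote-enabled modules that return system/OS details.
WATCHLIST = {"PLACEHOLDER_SDD_FM"}


def parse(text):
    """Turn CSV text into a list of record dicts."""
    fields = ("ts", "user", "ip", "fm")
    return [dict(zip(fields, row)) for row in csv.reader(StringIO(text)) if row]


def find_unusual_calls(baseline, window, watchlist):
    """Flag calls that deviate from each user's baseline of modules and sources."""
    seen_fm, seen_ip = defaultdict(set), defaultdict(set)
    for r in parse(baseline):
        seen_fm[r["user"]].add(r["fm"])
        seen_ip[r["user"]].add(r["ip"])
    alerts = []
    for r in parse(window):
        reasons = []
        if r["fm"] not in seen_fm[r["user"]]:
            reasons.append("first call of this module by user")
        if r["ip"] not in seen_ip[r["user"]]:
            reasons.append("new source address for user")
        if reasons and r["fm"] in watchlist:
            reasons.append("module is on sysinfo watchlist")
        if reasons:
            alerts.append((r["ts"], r["user"], r["fm"], reasons))
    return alerts


if __name__ == "__main__":
    for alert in find_unusual_calls(BASELINE, WINDOW, WATCHLIST):
        print(alert)
```

The routine monitoring account calling from its usual host stays quiet, while a dialog user's first call to the watched module and the service account's call from a new address are both reported.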
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: sap
- Date Reserved: 2025-04-16T13:25:30.252Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68bf8df9d5a2966cfc85812a
Added to database: 9/9/2025, 2:16:25 AM
Last enriched: 9/9/2025, 2:34:22 AM
Last updated: 9/9/2025, 9:12:27 PM