CVE-2025-42925: CWE-341: Predictable from Observable State in SAP_SE SAP NetWeaver AS Java (IIOP Service)
Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time, the attacker could determine a desired identifier which could enable them to access limited system information. This poses a low risk to confidentiality without impacting the integrity or availability of the service.
AI Analysis
Technical Summary
CVE-2025-42925 is a medium severity vulnerability affecting the SAP NetWeaver AS Java IIOP (Internet Inter-ORB Protocol) service, specifically in the SERVERCORE 7.50 version. The vulnerability arises from the predictable assignment of Object Identifiers (OIDs) due to insufficient randomness in their generation. An authenticated attacker with low privileges can exploit this flaw by performing a brute force search to predict OIDs. By analyzing several OIDs generated around the same time, the attacker can infer the pattern and predict other identifiers. This capability allows the attacker to access limited system information that would otherwise be inaccessible. The vulnerability is classified under CWE-341, which relates to predictable values from observable states. The CVSS v3.1 base score is 4.3, reflecting a medium severity level, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), low confidentiality impact (C:L), and no integrity or availability impact (I:N/A:N). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability does not affect integrity or availability but poses a low confidentiality risk by potentially exposing limited system information through predictable OIDs. The attack requires authentication but only low privileges, making it feasible for insiders or compromised low-level accounts. The lack of randomness in OID assignment is a design weakness that could be mitigated by incorporating stronger entropy sources or cryptographically secure random number generation in the identifier assignment process.
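The weakness class described above (CWE-341) and the suggested fix can be shown side by side. This is an added example, not SAP code: the page does not describe SAP's actual identifier scheme, so the counter-based allocator, the class and function names, and the 2**64 threshold are all assumptions made for illustration.

```python
import itertools
import secrets


class CounterAllocator:
    """Weak pattern (assumed stand-in): each identifier is the previous one
    plus one, starting from an observable value such as a start-up timestamp."""

    def __init__(self, start=1_700_000_000_000):  # constructed start value
        self._counter = itertools.count(start)

    def new_id(self):
        return next(self._counter)


class RandomAllocator:
    """Hardened pattern: 128 bits from the OS CSPRNG per identifier, so
    identifiers issued close together share no structure."""

    def new_id(self):
        return secrets.randbits(128)


def widest_gap(sample_ids):
    """Largest distance between neighbouring identifiers in a sample.

    For a monotonic allocator, any identifier issued between two sampled
    ones lies inside such a gap, so the gap bounds a brute-force search.
    """
    ordered = sorted(sample_ids)
    return max(b - a for a, b in zip(ordered, ordered[1:]))


def is_predictable(allocator, samples=5, min_gap=2**64):
    """Self-test for an allocator: draw identifiers back to back and fail
    the allocator if neighbours are close enough to enumerate."""
    ids = [allocator.new_id() for _ in range(samples)]
    return widest_gap(ids) < min_gap


if __name__ == "__main__":
    for alloc in (CounterAllocator(), RandomAllocator()):
        verdict = "predictable" if is_predictable(alloc) else "ok"
        print(f"{type(alloc).__name__}: {verdict}")
```

A check like is_predictable() fits in a unit test for any component that hands out object handles, so a regression to counter- or clock-derived identifiers is caught before release.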
Potential Impact
For European organizations using SAP NetWeaver AS Java SERVERCORE 7.50, this vulnerability could lead to unauthorized access to limited system information, which might include metadata or configuration details that could aid further attacks or reconnaissance. Although the confidentiality impact is low and there is no direct threat to integrity or availability, the exposure of system information can be leveraged by attackers to map system internals or identify additional vulnerabilities. This is particularly relevant for enterprises relying heavily on SAP for critical business processes, such as manufacturing, finance, or supply chain management. The requirement for authentication with low privileges limits the attack surface to insiders or compromised accounts, but given the widespread use of SAP in European enterprises, the risk remains significant. Organizations in regulated sectors (e.g., finance, healthcare) may face compliance concerns if sensitive information is inadvertently exposed. Additionally, the vulnerability could be exploited as part of a multi-stage attack chain, where initial information disclosure facilitates privilege escalation or lateral movement within the network.
Mitigation Recommendations
1. Monitor SAP's official security advisories closely for patches or updates addressing CVE-2025-42925 and apply them promptly once available.
2. Implement strict access controls and monitoring on accounts with any level of authentication to the SAP NetWeaver AS Java IIOP service, minimizing the number of users with access and enforcing least privilege principles.
3. Employ enhanced logging and anomaly detection to identify unusual patterns of OID requests or brute force attempts targeting the IIOP service.
4. Consider network segmentation to restrict access to the SAP IIOP service only to trusted hosts and users, reducing exposure to potential attackers.
5. Conduct regular security audits and penetration testing focused on SAP environments to detect exploitation attempts or related weaknesses.
6. Where feasible, configure SAP NetWeaver to increase randomness in identifier generation or apply custom patches/workarounds recommended by SAP support.
7. Educate internal users about the risks of credential compromise and enforce strong authentication mechanisms, such as multi-factor authentication, to reduce the likelihood of low-privilege account compromise.
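One way to implement the anomaly detection in recommendation 3, as an added example that is not part of the original page or any SAP tooling. The log format, field names, user names and thresholds are constructed for illustration, and the lines are assumed to arrive in time order; map them onto whatever your IIOP or gateway logging actually records.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (hypothetical, not SAP's): timestamp, user, oid, result.
LINE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) oid=(?P<oid>\d+) result=(?P<result>\w+)$")

# Constructed sample: one normal lookup, one user with two isolated misses,
# and one user missing on eight consecutive identifiers within eight seconds.
SAMPLE_LOG = (
    ["2025-01-01T10:00:00Z user=svc_batch oid=9001 result=OK",
     "2025-01-01T10:00:05Z user=jdoe oid=120 result=NOT_FOUND"]
    + [f"2025-01-01T10:01:{s:02d}Z user=lowpriv oid={5000 + s} result=NOT_FOUND"
       for s in range(8)]
    + ["2025-01-01T10:09:00Z user=jdoe oid=121 result=NOT_FOUND"]
)


def parse(line):
    """Return (timestamp, user, oid, result), or None for a malformed line."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"], int(m["oid"]), m["result"]


def find_oid_sweeps(lines, window=timedelta(seconds=60), max_misses=5):
    """Map each user to the time their distinct failed OIDs inside one sliding
    window first exceeded max_misses. Lines must be in time order."""
    misses = defaultdict(deque)  # user -> (timestamp, oid) of recent failures
    alerts = {}
    for line in lines:
        record = parse(line)
        if record is None or record[3] == "OK":
            continue
        ts, user, oid, _ = record
        recent = misses[user]
        recent.append((ts, oid))
        while ts - recent[0][0] > window:  # drop failures older than the window
            recent.popleft()
        if user not in alerts and len({o for _, o in recent}) > max_misses:
            alerts[user] = ts
    return alerts


if __name__ == "__main__":
    for user, when in find_oid_sweeps(SAMPLE_LOG).items():
        print(f"{when.isoformat()} possible OID enumeration by {user}")
```

Counting distinct failed identifiers per account, rather than raw request volume, keeps busy service accounts with valid lookups from triggering the alert.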
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: sap
- Date Reserved: 2025-04-16T13:25:32.384Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68bf8dfad5a2966cfc858160
Added to database: 9/9/2025, 2:16:26 AM
Last enriched: 9/9/2025, 2:32:58 AM
Last updated: 9/9/2025, 9:12:27 PM