CVE-2025-42935 is a medium-severity vulnerability affecting SAP NetWeaver Application Server ABAP and ABAP Platform's Internet Communication Manager (ICM). The vulnerability is categorized under CWE-532, which involves the insertion of sensitive information into log files. Specifically, authorized users with administrative privileges and local access to the system's log files can read sensitive information that should not be exposed. This results in an information disclosure vulnerability impacting the confidentiality of the application environment. The vulnerability affects multiple versions of SAP NetWeaver AS for ABAP and ABAP Platform, including versions 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15, and 9.16, among others. The CVSS v3.1 base score is 4.1, reflecting a medium severity level. The vector string (AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N) indicates that the attack vector requires local access (AV:L), high attack complexity (AC:H), and privileges (PR:H), with no user interaction (UI:N). The impact is limited to confidentiality (C:H), with no impact on integrity or availability. There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The vulnerability arises because sensitive data is logged in a manner accessible to privileged users, which could include credentials, tokens, or other confidential information. This exposure could be leveraged by malicious insiders or attackers who have gained administrative access to escalate their privileges or move laterally within the network.

For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive business data processed within SAP environments. SAP NetWeaver is widely used across various industries in Europe, including manufacturing, finance, utilities, and public sector organizations. Unauthorized disclosure of sensitive information through log files could lead to data breaches, regulatory non-compliance (e.g., GDPR violations), and reputational damage. Since the vulnerability requires administrative privileges and local access, the primary risk vector is insider threats or attackers who have already compromised administrative accounts. The exposure of sensitive information could facilitate further attacks such as privilege escalation, lateral movement, or targeted espionage. Given the critical role SAP systems play in business operations, any compromise of confidentiality can disrupt trust and lead to financial and legal consequences. The lack of impact on integrity and availability means operational disruption is unlikely, but the confidentiality breach alone is serious, especially in regulated sectors.

European organizations should implement the following specific mitigations: 1) Restrict and tightly control administrative and local access to SAP NetWeaver servers and log files, employing the principle of least privilege and strong authentication mechanisms such as multi-factor authentication (MFA). 2) Regularly audit and monitor access to log files and administrative actions to detect unauthorized or suspicious activity promptly. 3) Implement log management best practices, including encryption of log files at rest and in transit, and segregate logs to minimize exposure of sensitive information. 4) Review and sanitize logging configurations to ensure sensitive data is not unnecessarily recorded in logs; disable verbose logging that may capture confidential information. 5) Apply SAP security notes and patches as soon as they become available for this vulnerability. 6) Conduct internal security awareness training focused on insider threat risks and secure handling of administrative credentials. 7) Employ endpoint detection and response (EDR) tools on SAP servers to detect anomalous local access patterns. These measures go beyond generic advice by focusing on access control, log hygiene, and proactive monitoring tailored to the SAP environment.