CVE-2025-42958: CWE-250: Execution with Unnecessary Privileges in SAP_SE SAP NetWeaver
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application.
AI Analysis
Technical Summary
CVE-2025-42958 is a critical vulnerability identified in SAP NetWeaver running on IBM i-series platforms. The root cause is a missing authentication check within the SAP NetWeaver application, which allows users with high privileges but unauthorized access to perform actions beyond their intended permissions. Specifically, this flaw permits such users to read, modify, or delete sensitive information and access administrative or privileged functionalities without proper authorization. The affected versions include multiple releases of SAP NetWeaver, notably KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.53, KERNEL 7.22, and 7.54. The vulnerability is classified under CWE-250, which relates to execution with unnecessary privileges, indicating that the application grants more privileges than necessary or fails to verify them correctly. The CVSS v3.1 base score is 9.1, reflecting a critical severity with network attack vector, low attack complexity, high privileges required, no user interaction needed, and a scope change that impacts confidentiality, integrity, and availability at a high level. Although no known exploits are currently reported in the wild, the vulnerability's nature and severity make it a significant risk for organizations using the affected SAP NetWeaver versions on IBM i-series systems. Attackers exploiting this flaw could compromise sensitive business data, disrupt operations, and gain control over critical administrative functions, potentially leading to widespread damage within enterprise environments.
Potential Impact
For European organizations, the impact of CVE-2025-42958 is substantial due to the widespread use of SAP NetWeaver in enterprise resource planning (ERP), supply chain management, and other critical business processes. The ability for unauthorized high-privileged users to access or manipulate sensitive data threatens confidentiality, potentially exposing personal data protected under GDPR and other privacy regulations. Integrity is compromised as attackers could alter financial records, transaction data, or configuration settings, leading to erroneous business decisions or fraudulent activities. Availability risks arise if attackers delete or disrupt essential application components, causing downtime and operational losses. Given SAP's integral role in many European industries such as manufacturing, finance, and public sector services, exploitation could lead to regulatory penalties, reputational damage, and significant financial costs. The vulnerability’s exploitation could also facilitate lateral movement within networks, increasing the risk of broader compromise. The lack of user interaction and low attack complexity further heightens the threat, making it feasible for insider threats or compromised accounts to leverage this flaw effectively.
Mitigation Recommendations
To mitigate CVE-2025-42958, European organizations should prioritize the following actions:
1) Immediate assessment of SAP NetWeaver installations to identify affected versions on IBM i-series platforms.
2) Apply vendor patches or updates as soon as they become available; if patches are not yet released, implement compensating controls such as restricting high-privileged user access to SAP NetWeaver systems and enforcing strict network segmentation to limit exposure.
3) Conduct thorough audits of user privileges and remove unnecessary high-level permissions, ensuring the principle of least privilege is enforced.
4) Enhance monitoring and logging of SAP NetWeaver administrative activities to detect anomalous access patterns or unauthorized privilege escalations.
5) Implement multi-factor authentication (MFA) for all privileged accounts to reduce the risk of credential misuse.
6) Regularly review and update SAP security configurations, including authentication mechanisms and access controls, to prevent similar privilege-related vulnerabilities.
7) Educate system administrators and security teams about this vulnerability and the importance of timely patching and access management.
These targeted measures go beyond generic advice by focusing on the unique aspects of the vulnerability’s exploitation path and the affected platform environment.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: sap
- Date Reserved: 2025-04-16T13:25:39.583Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68bf8dfad5a2966cfc85818a
Added to database: 9/9/2025, 2:16:26 AM
Last enriched: 9/9/2025, 2:31:22 AM
Last updated: 9/9/2025, 10:26:16 AM