CVE-2025-42958 is a critical security vulnerability identified in SAP NetWeaver products running on IBM i-series platforms. The root cause is a missing authentication check within the SAP NetWeaver application, which leads to execution with unnecessary privileges (CWE-250). This flaw allows users who already have high privileges but lack proper authentication to bypass security controls and gain unauthorized access to sensitive information and administrative functionalities. Affected versions include KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.53, KERNEL 7.22, and 7.54. The vulnerability has a CVSS v3.1 base score of 9.1, reflecting its critical nature, with attack vector as network (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), and scope changed (S:C). The impact covers confidentiality, integrity, and availability, allowing attackers to read, modify, or delete sensitive data and access privileged functions without proper authentication. Although no public exploits have been reported yet, the vulnerability poses a significant risk due to the critical nature of SAP NetWeaver in enterprise environments and the potential for severe business disruption. The vulnerability was reserved in April 2025 and published in September 2025, indicating recent discovery and disclosure. The lack of available patches at the time of reporting necessitates immediate attention to alternative mitigations.

The vulnerability threatens the confidentiality, integrity, and availability of SAP NetWeaver applications on IBM i-series systems. Successful exploitation could lead to unauthorized disclosure of sensitive business data, unauthorized modification or deletion of critical information, and unauthorized execution of administrative functions. This could disrupt business operations, cause financial losses, damage organizational reputation, and potentially lead to regulatory non-compliance. Given SAP NetWeaver’s widespread use in enterprise resource planning (ERP), supply chain, and financial systems, the impact could cascade across multiple business units and partners. The requirement for high privileges limits exploitation to insiders or compromised accounts, but the missing authentication check significantly lowers the barrier for privilege escalation and lateral movement within affected environments. Organizations relying on these SAP versions face a heightened risk of targeted attacks, especially from advanced persistent threat (APT) actors seeking to exploit critical infrastructure or valuable intellectual property.

1. Immediately inventory SAP NetWeaver instances running on IBM i-series to identify affected versions. 2. Apply vendor patches or updates as soon as they become available; monitor SAP security advisories closely. 3. Implement strict access controls and least privilege principles to limit high-privilege user accounts and monitor their activities. 4. Enforce multi-factor authentication (MFA) for all privileged SAP accounts to reduce risk of credential compromise. 5. Use network segmentation and firewall rules to restrict access to SAP NetWeaver management interfaces to trusted hosts only. 6. Enable detailed logging and continuous monitoring of SAP system activities to detect anomalous behavior indicative of exploitation attempts. 7. Conduct regular security audits and penetration testing focusing on authentication and privilege escalation vectors within SAP environments. 8. Educate administrators and users about the risks of privilege misuse and the importance of secure credential management. 9. Prepare incident response plans specific to SAP system compromise scenarios to enable rapid containment and recovery. 10. Consider deploying application-layer firewalls or SAP-specific security tools that can detect and block unauthorized access attempts.