CVE-2025-42935

Name: Websites susceptible to CVE-2025-42935
Creator: WebTechSurvey

CVE-2025-42935

Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)

The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.

We have discovered 106 live websites that are affected by CVE-2025-42935.

Run a Free Instant Scan

Affected Software


Product	NetWeaver Application Server
Category	Web Application Server
Vulnerable Domains	106 live websites (73% of NetWeaver Application Server install base)
Vulnerable Versions	from 7.53 through 7.53 from 7.54 through 7.54 from 7.77 through 7.77 from 7.89 through 7.89 from 7.93 through 7.93 from 9.14 through 9.14 from 9.15 through 9.15 from 9.16 through 9.16
Vulnerable Versions Count	3 versions ( 38% of all versions)

Common Weakness Enumeration

CWE-532 Insertion of Sensitive Information into Log File

Available Reports

Website List

Details

Published - Aug 12, 2025
Updated - Aug 12, 2025

CVE References

CWE References

cwe.mitre.org

CWE

CWE-532

Website Distribution by Country

Number of websites using CVE-2025-42935

United States	36 websites

India	11 websites
Italy	10 websites
Brazil	6 websites
Turkey	6 websites
Germany	5 websites
Malaysia	4 websites
China	3 websites
Belgium	2 websites
Ethiopia	2 websites

Website Distribution by TLD

Number of websites using CVE-2025-42935

.com	41 websites
.net	8 websites
.it	7 websites
.com.cn	3 websites
.com.br	2 websites
.de	2 websites
.edu	2 websites
.ca	1 websites
.com.au	1 websites
.dk	1 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-42935

Top websites that are affected by CVE-2025-42935. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
**********.****..ca	Canada	,,*
*..********.gov	United States	,,*
******.****.net	Brazil	,,*
********.************.net	United States	,,*
*..gov	United States	,,*
************..********.gov	United States	,,*
*.****.com	Malaysia	,,*
********.**.net	Belgium	,,*
*****.net	Brazil	,,*
*.**.sk	Slovakia	,,*

See full domain list

FAQ

CVE-2025-42935 is Insertion of Sensitive Information into Log File in NetWeaver Application Server

A total of 106 websites have been identified as vulnerable to CVE-2025-42935, based on global website indexing conducted by WebTechSurvey.

The NetWeaver Application Server is affected by the CVE-2025-42935 vulnerability.

NetWeaver Application Server versions up to and including 9.16 are vulnerable to CVE-2025-42935.

Domain	Country	Rank
**********.****..ca	Canada	,,*
*..********.gov	United States	,,*
******.****.net	Brazil	,,*
********.************.net	United States	,,*
*..gov	United States	,,*
************..********.gov	United States	,,*
*.****.com	Malaysia	,,*
********.**.net	Belgium	,,*
*****.net	Brazil	,,*
*.**.sk	Slovakia	,,*

CVE-2025-42935

Affected Software

Common Weakness Enumeration

Available Reports

Details

CVE References

CWE References

CWE

Website Distribution by Country

Website Distribution by TLD

Vulnerable Versions

Websites affected by CVE-2025-42935

What type of vulnerability is CVE-2025-42935?

How many websites are affected by the CVE-2025-42935 vulnerability?

Which technology is affected by CVE-2025-42935?

Which versions of NetWeaver Application Server are vulnerable to CVE-2025-42935?

References