CVE-2025-42895
MEDIUM
6.9
Our Analysis: General-Purpose
Our model has classified this vulnerability as relevant to General-Purpose Systems, helping your team prioritize efforts effectively.
Published Date
November 11, 2025
Last Modified
November 12, 2025
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H
Description
Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability of the application.