QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-42873

Back to search

CVE-2025-42873

Published: Dec 9, 2025

Modified: Dec 9, 2025

PUBLISHED

CVSS v3.1

5.9

MEDIUM

Description

SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system unresponsiveness due to a blocked processing thread. This vulnerability has no impact on confidentiality or integrity but has a high impact on system availability.

VendorProductVersions

SAP_SE

SAPUI5 framework (Markdown-it component)

affected
SAP_UI 755
affected
756
affected
757
affected
758

Weaknesses (CWE)

CWE-405

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now