8.5

SAP HANA Deserialization Bug Allows Privileged Code Execution

CVE-2025-11739
Summary

An attacker who has a local account on a system with SAP HANA installed can send a specially crafted data stream, potentially allowing them to execute arbitrary code with full administrative rights. This could lead to unauthorized access and data manipulation. Update SAP HANA to the latest version to prevent exploitation.

Original title
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data s...
Original description
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
NVD CVSS 4.0: 8.5
Vulnerability type
CWE-502 Deserialization of Untrusted Data
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026