CVE-2025-0054

MEDIUM

SAP NetWeaver Application Server Java - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-0054. PoCs published by z3usx01.

AI-analyzed exploit summary This repository contains a Python-based scanner for detecting stored XSS vulnerabilities in SAP NetWeaver Application Server Java, specifically targeting CVE-2025-0054. It submits a customizable XSS payload and checks for its reflection in the response.

Description

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could be later executed in the victim's web browser. With this the attacker might be able to read or modify information associated with the vulnerable web page.

Exploits (1)

nomisec SCANNER
by z3usx01 · poc
https://github.com/z3usx01/CVE-2025-0054

This repository contains a Python-based scanner for detecting stored XSS vulnerabilities in SAP NetWeaver Application Server Java, specifically targeting CVE-2025-0054. It submits a customizable XSS payload and checks for its reflection in the response.

Classification
Scanner 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: SAP NetWeaver Application Server Java
Auth required
Prerequisites: Valid session cookie for authenticated access · Identified vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References

Scores

CVSS v3 5.4
EPSS 0.0025
EPSS Percentile 16.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
SAP_SE/SAP NetWeaver Application Server Java EP-BASIS 7.50
SAP_SE/SAP NetWeaver Application Server Java FRAMEWORK-EXT 7.50
Published Feb 11, 2025
Tracked Since Feb 18, 2026