CVE-2025-42945

MEDIUM

SAP NetWeaver Application Server ABAP - XSS

Description

SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. Due to this, an attacker could craft a URL with a malicious script as payload and trick a victim with an active user session into executing it. Upon successful exploitation, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability.

Scores

CVSS v3 6.1
EPSS 0.0004
EPSS Percentile 13.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-94
Status published
Products (6)
SAP_SE/SAP NetWeaver Application Server ABAP 7.54
SAP_SE/SAP NetWeaver Application Server ABAP 7.77
SAP_SE/SAP NetWeaver Application Server ABAP 7.89
SAP_SE/SAP NetWeaver Application Server ABAP 7.93
SAP_SE/SAP NetWeaver Application Server ABAP KERNEL 7.53
SAP_SE/SAP NetWeaver Application Server ABAP KRNL64UC 7.53
Published Aug 12, 2025
Tracked Since Feb 18, 2026