CVE-2025-0057

Summary

SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of victim's web browser.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver AS JAVA (User Admin Application)ENGINEAPI 7.50affected
SAP_SESAP NetWeaver AS JAVA (User Admin Application)SERVERCORE 7.50affected
SAP_SESAP NetWeaver AS JAVA (User Admin Application)UMEADMIN 7.50affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References