CVE-2025-25242

Summary

SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 758affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 914affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References