CVE-2025-42942

Summary

SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the scope of victim's browser. This vulnerability has no impact on availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 700affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 701affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 702affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 731affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 758affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 816affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 914affected
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 916affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References