CVE-2025-42945
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server ABAP | KRNL64UC 7.53 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | KERNEL 7.53 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 7.54 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 7.77 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 7.89 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 7.93 | affected |
Weaknesses
- CWE-94: CWE-94: Improper Control of Generation of Code
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.