CVE-2025-42948

Summary

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim�s browser.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver ABAP PlatformS4CRM 100affected
SAP_SESAP NetWeaver ABAP Platform200affected
SAP_SESAP NetWeaver ABAP Platform204affected
SAP_SESAP NetWeaver ABAP Platform205affected
SAP_SESAP NetWeaver ABAP Platform206affected
SAP_SESAP NetWeaver ABAP PlatformS4CEXT 107affected
SAP_SESAP NetWeaver ABAP Platform108affected
SAP_SESAP NetWeaver ABAP Platform109affected
SAP_SESAP NetWeaver ABAP PlatformBBPCRM 713affected
SAP_SESAP NetWeaver ABAP Platform714affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References