CVE-2025-42990

Summary

Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAPUI5 applicationsSAP_UI 750affected
SAP_SESAPUI5 applications754affected
SAP_SESAPUI5 applications755affected
SAP_SESAPUI5 applications756affected
SAP_SESAPUI5 applications757affected
SAP_SESAPUI5 applications758affected
SAP_SESAPUI5 applicationsUI_700 200affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References