VDB

CISA-2025-42948

CISA-2025-42948 PUBLISHED CVSS 6.1 MEDIUM

Reported by sap · Published August 12, 2025

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim�s browser.

Risk Scores

CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
SAP_SESAP NetWeaver ABAP PlatformS4CRM 100, 200, 204
SAP_SESAP NetWeaver ABAP PlatformS4CRM 100, 200, 204

Timeline

  • Aug 12, 2025 CVE Published
  • Aug 13, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›