CVE-2025-0057: Unrestricted File Upload (stored cross-site scripting) in SAP NetWeaver AS Java (SAP SE)

Severity: 4.8 MEDIUM (NVD)
EPSS: 0.1% (top 78.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 14, 2025

Description

SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to a stored cross-site scripting vulnerability. An attacker acting as an administrator (the vector requires high privileges) can upload a "photo" whose content is malicious JavaScript. When a victim visits the vulnerable component, that script runs in the victim's browser and the attacker can read and modify information within the scope of the victim's web session.
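The root cause described above is a file-upload endpoint that stores whatever bytes are declared as a photo and later serves them to other users' browsers. The following is an added example, not SAP's code and not from this page's source, of the server-side check a profile-photo endpoint should apply: identify the file by magic bytes rather than the client-declared type, refuse markup or script content (SVG is XML and can carry a script tag), and serve stored photos with headers that stop a browser from executing them. All function names and the sample uploads are constructed for this illustration.

```python
"""Added example (not SAP code): accept only raster images by content and
serve them so a browser never treats them as HTML/SVG/script."""
import re

# Magic bytes of the raster formats a profile-photo endpoint should accept.
ALLOWED_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

# Markers of active content. SVG/HTML uploads and PNG+<script> polyglots match;
# this is a defence-in-depth heuristic, the magic-byte check is the primary gate.
ACTIVE_CONTENT = re.compile(
    rb"<\s*(script|svg|html|iframe|object|embed)\b|javascript:", re.IGNORECASE
)


def sniff_image_type(data: bytes):
    """Return the MIME type implied by the file's magic bytes, ignoring the
    client-declared Content-Type, or None if it is not an allowed raster format."""
    for magic, mime in ALLOWED_SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def validate_photo_upload(data: bytes, declared_type: str, max_bytes: int = 2 * 1024 * 1024):
    """A vulnerable handler trusts `declared_type` and stores the bytes as-is.
    This check returns (accepted, reason_or_mime); a 'photo' that is really
    JavaScript or SVG is rejected before it is ever stored."""
    if len(data) == 0 or len(data) > max_bytes:
        return False, "size"
    actual = sniff_image_type(data)
    if actual is None:
        return False, "not a raster image"
    if declared_type.lower() != actual:
        return False, f"declared {declared_type} but content is {actual}"
    if ACTIVE_CONTENT.search(data):
        return False, "active content"
    return True, actual


def photo_response_headers(mime: str) -> dict:
    """Headers for serving a stored photo so that even a validation bypass does
    not yield script execution in the viewer's origin: fixed type, no MIME
    sniffing, download disposition, and a CSP that forbids scripts."""
    return {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": 'attachment; filename="photo"',
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample uploads (not real captures).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_SVG_SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
SAMPLE_POLYGLOT = SAMPLE_PNG + b"<script>fetch('/exfil')</script>"

if __name__ == "__main__":
    cases = [
        ("genuine png", SAMPLE_PNG, "image/png"),
        ("svg with script", SAMPLE_SVG_SCRIPT, "image/svg+xml"),
        ("svg declared as png", SAMPLE_SVG_SCRIPT, "image/png"),
        ("png/script polyglot", SAMPLE_POLYGLOT, "image/png"),
    ]
    for name, blob, ctype in cases:
        print(f"{name:22s} -> {validate_photo_upload(blob, ctype)}")
```

The declared-type comparison matters because the original fault is the server believing the client: the sniffed type, not the multipart Content-Type, decides what gets stored and what Content-Type the photo is later served with.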

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (1 package)

CVEList V5: sap_se/sap_netweaver_as_java
Affected versions: ENGINEAPI 7.50, SERVERCORE 7.50, UMEADMIN 7.50 (+2)

🔴 Vulnerability Details (2 references)

GHSA: GHSA-cxvr-26hw-h83x: SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability (2025-01-14)
CVEList: Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application) (2025-01-14)
CVE-2025-0057 — Unrestricted File Upload | cvebase