CVE-2025-25242 — Cross-site Scripting in SE SAP Netweaver Application Server Abap

CWE-79 — Cross-site Scripting CWE-862 — Missing Authorization4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 78.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap

Timeline

PublishedMar 11

Latest updateFeb 17

Description

SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap11 versions+10

🔴Vulnerability Details

GHSA

Unauthenticated File Upload in Gogs↗2026-02-17

▶

CVEList

Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP↗2025-03-11

▶

GHSA

GHSA-chhf-863p-8gx2: SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS)↗2025-03-11

▶