CVE-2025-42872Active Debug Code in SE SAP Netweaver Enterprise Portal

CWE-489Active Debug Code3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 63.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver Enterprise Portal
Timeline
PublishedDec 9

Description

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result, the vulnerability has a low impact on confidentiality and integrity and no impact on availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

CVEListV5sap_se/sap_netweaver_enterprise_portalEP-RUNTIME 7.50

🔴Vulnerability Details

2
GHSA
GHSA-4f68-6cfp-mfcj: Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that2025-12-09
CVEList
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal2025-12-09
CVE-2025-42872 — Active Debug Code | cvebase