CVE-2025-42942 — Cross-site Scripting in SE SAP Netweaver Application Server FOR Abap

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 70.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap

Timeline

PublishedAug 12

Description

SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the scope of victim's browser. This vulnerability has no impact on availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap17 versions+16

🔴Vulnerability Details

GHSA

GHSA-f747-wqq2-4rg3: SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability↗2025-08-12

▶

CVEList

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP↗2025-08-12

▶