CVE-2025-42945 โ€” Code Injection in SE SAP Netweaver Application Server Abap

CWE-94 โ€” Code Injection3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.0%
top 93.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver Application Server Abap
Timeline
PublishedAug 12

Description

SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

๐Ÿ”ดVulnerability Details

2
CVEList
HTML Injection vulnerability in SAP NetWeaver Application Server ABAPโ†—2025-08-12
โ–ถ
GHSA
GHSA-hw7q-cg9q-v7xj: SAP NetWeaver Application Server ABAP has HTML injection vulnerabilityโ†—2025-08-12
โ–ถ
CVE-2025-42945 โ€” Code Injection | cvebase