CVE-2025-42975: Cross-site Scripting in SE SAP Netweaver Application Server Abap

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.1% (top 70.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 12

Description

SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 | Impact: 2.7

Affected Packages: 1 package

Vulnerability Details (2)
GHSA
GHSA-qwgv-427m-whp6: SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document a… (2025-08-12)
CVEList
Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document) (2025-08-12)
CVE-2025-42975 — Cross-site Scripting | cvebase