Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-42948
PUBLISHED
More InfoOfficial Page
Assigner-sap
Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd
View Known Exploited Vulnerability (KEV) details
Published At-12 Aug, 2025 | 02:08
Updated At-13 Aug, 2025 | 20:20
Rejected At-
▼CVE Numbering Authority (CNA)
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim�s browser.

Affected Products
Vendor
SAP SESAP_SE
Product
SAP NetWeaver ABAP Platform
Default Status
unaffected
Versions
Affected
  • S4CRM 100
  • 200
  • 204
  • 205
  • 206
  • S4CEXT 107
  • 108
  • 109
  • BBPCRM 713
  • 714
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79: Improper Neutralization of Input During Web Page Generation
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://me.sap.com/notes/3629871
N/A
https://url.sap/sapsecuritypatchday
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found