ByteOS Network

NVD Vulnerability Details :

CVE-2025-42920

Analyzed

Source-cna@sap.com

Published At-09 Sep, 2025 | 02:15

Updated At-24 Oct, 2025 | 14:50

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the page generation, resulting in the execution of malicious content. This execution allows the attacker to access and modify information within the victim's browser scope, impacting confidentiality and integrity, while availability remains unaffected.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CPE Matches

SAP SE

>>supplier_relationship_management>>7.0

cpe:2.3:a:sap:supplier_relationship_management:7.0:-:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	cna@sap.com

CWE ID: CWE-79

Type: Primary

Source: cna@sap.com

References

Hyperlink	Source	Resource
https://me.sap.com/notes/3647098	cna@sap.com	Permissions Required
https://url.sap/sapsecuritypatchday	cna@sap.com	Patch

Hyperlink: https://me.sap.com/notes/3647098

Source: cna@sap.com

Resource:

Permissions Required

Hyperlink: https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Resource:

Patch

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History