CVE-2025-0054

Published Feb 11, 2025

Last updated 5 days ago

CVSS medium 5.4

Overview

Description
SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could be later executed in the victim's web browser. With this the attacker might be able to read or modify information associated with the vulnerable web page.
Source
cna@sap.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

cna@sap.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-0054 🟠 MEDIUM (5.4) 🏢 SAP_SE - SAP NetWeaver Application Server Java 🏗️ EP-BASIS 7.50 🔗 https://t.co/AXtynG7D0A 🔗 https://t.co/f5sXJgkGmG #CyberCron #VulnAlert https://t.co/WWUs1de1ZK

    @cybercronai

    12 Feb 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References