CVE-2025-25242

Published Mar 11, 2025

Last updated 25 days ago

CVSS medium 6.1

Overview

Description
SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.
Source
cna@sap.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

cna@sap.com
CWE-79

Social media

Hype score
Not currently trending

  1. SAP has patched critical vulnerabilities in Commerce, NetWeaver, and BusinessObjects. Flaws like CVE-2025-25242 (auth bypass) and CVE-2025-24876 (session hijacking) pose high risks. Patch now. #SAPSecurity #CVE-2025-25242 #CVE-2025-24876 https://t.co/OYxCUGpZER

    @RedTeamNewsBlog

    24 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References