Stored Cross Site Scripting Vulnerability in SAP NetWeaver AS JAVA User Admin Application
CVE-2025-0057

Currently unrated

Key Information:

Vendor: SAP
CVE Published: 14 January 2025

Summary

The SAP NetWeaver AS JAVA User Admin Application is susceptible to a stored cross-site scripting (XSS) vulnerability. The flaw allows an attacker, acting as an administrator, to upload images containing malicious JavaScript code. When an innocent user visits the affected component, the embedded code can execute, enabling the attacker to read and potentially manipulate sensitive information within the victim's web session.

Timeline

  • Vulnerability published
