Cross-Site Scripting Vulnerability in SAP NetWeaver Application Server ABAP
CVE-2025-25242

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Abap
Vendor: CVE Published:; 11 March 2025

What is CVE-2025-25242?

A vulnerability in SAP NetWeaver Application Server ABAP allows for the execution of malicious scripts, potentially compromising the confidentiality and integrity of user data. While the vulnerability does not affect the availability of the application, it poses a significant security risk by enabling attackers to exploit unvalidated input in web applications. Users are encouraged to take necessary precautions to secure their applications against such threats.

Affected Version(s)

SAP NetWeaver Application Server ABAP SAP_BASIS 740

SAP NetWeaver Application Server ABAP SAP_BASIS 750

SAP NetWeaver Application Server ABAP SAP_BASIS 751

References

https://me.sap.com/notes/3562390

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 4, 2025