Stored Cross-Site Scripting in SAP NetWeaver Java Application Server
CVE-2025-27431
5.4MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 11 March 2025
What is CVE-2025-27431?
The user management features in the SAP NetWeaver Application Server Java are susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This security flaw allows an attacker to inject harmful scripts that are stored within the application. When a victim accesses the affected functionalities, these scripts can execute in their browser context, potentially leading to information leaks or unauthorized alterations of data. However, this vulnerability does not affect the availability of the application.
Affected Version(s)
SAP NetWeaver Application Server Java AJAX-RUNTIME 7.50