Cross-Site Scripting Vulnerability in SAP NetWeaver Application Server
CVE-2025-42942

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server For Abap
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-42942?

The SAP NetWeaver Application Server for ABAP is susceptible to a cross-site scripting vulnerability that permits an unauthenticated attacker to generate a malicious URL. When a victim inadvertently clicks the crafted link, it executes harmful scripts within the user's browser environment. This exploitation may allow the attacker to gain access to limited information and modify it within the victim’s browsing session, while not affecting the application's overall availability.

Affected Version(s)

SAP NetWeaver Application Server for ABAP SAP_BASIS 700

SAP NetWeaver Application Server for ABAP SAP_BASIS 701

SAP NetWeaver Application Server for ABAP SAP_BASIS 702

References

https://me.sap.com/notes/3597355

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025