Cross-Site Scripting Vulnerability in SAP NetWeaver ABAP Platform
CVE-2025-42948

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Abap Platform
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-42948?

A Cross-Site Scripting (XSS) vulnerability exists in the SAP NetWeaver ABAP Platform, allowing unauthenticated attackers to create malicious links that, when accessed by authenticated users, can result in the execution of harmful scripts. This vulnerability exploits the page generation process, enabling attackers to inject malicious content within the victim's browser, which can lead to data access and manipulation.

Affected Version(s)

SAP NetWeaver ABAP Platform S4CRM 100

SAP NetWeaver ABAP Platform 200

SAP NetWeaver ABAP Platform 204

References

https://me.sap.com/notes/3629871

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025