Cross-Site Scripting Vulnerability in SAP Data Services Management Console
CVE-2025-42973

5.4MEDIUM

Key Information:

Vendor

SAP
Status
SAP Data Services (dq Report)
Vendor
CVE Published:
8 July 2025

What is CVE-2025-42973?

A Cross-Site Scripting vulnerability exists in SAP Data Services Management Console that allows authenticated attackers to exploit the search functionality for DQ job status reports. By intercepting user requests, malicious scripts can be injected and executed when vulnerable pages are loaded. This poses a risk to the confidentiality and integrity of user session data without affecting system availability.

Affected Version(s)

SAP Data Services (DQ Report) SBOP_DS_MANAGEMENT_CONSOLE 4.3

SAP Data Services (DQ Report) 2025

References

https://me.sap.com/notes/3606103
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-42973 : Cross-Site Scripting Vulnerability in SAP Data Services Management Console