CVE-2025-42948

MEDIUM

6.1

Descricao

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim�s browser.

Detalhes CVE

Pontuacao CVSS v3.16.1

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado8/12/2025

Ultima modificacao8/12/2025

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-79

Referencias

https://me.sap.com/notes/3629871(cna@sap.com)

https://url.sap/sapsecuritypatchday(cna@sap.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.