CVE-2025-0057 Information

Description

SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component the attacker can read and modify information within the scope of victim’s web browser.

Reference

https://me.sap.com/notes/3514421 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday