CVE-2025-42942 Information

Aug 13, 2025 cve

Description

SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation the attacker could access and modify limited information within the scope of victim’s browser. This vulnerability has no impact on availability of the application.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://me.sap.com/notes/3597355 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

CNNVD-202508-990 (Published: 2025-08-12)

Share on:

CVE-2025-42942 Information

Description

CVSS Vector

Reference

Attack Complexity

Privileges Required

User Interaction Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Base Severity

Related CNNVD