CVE-2025-42969 Information

Jul 09, 2025 cve

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim when tricked into clicking on this crafted URL unknowingly executes the malicious payload in their browser. On successful exploitation the attacker can access or modify sensitive information within the scope of victim’s web browser with no impact on availability of the application.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://me.sap.com/notes/3596987 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

CNNVD-202507-806 (Published: 2025-07-08)

Share on:

CVE-2025-42969 Information

Description

CVSS Vector

Reference

Attack Complexity

Privileges Required

User Interaction Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Base Severity

Related CNNVD