XSS Vulnerability in SAP NetWeaver ABAP Platform
CVE-2025-42948 Published on August 12, 2025
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform
Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website?s page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim?s browser.
Vulnerability Analysis
CVE-2025-42948 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2025-42948 has been classified to as a XSS vulnerability or weakness.
Affected Versions
SAP_SE SAP NetWeaver ABAP Platform:- Version S4CRM 100 is affected.
- Version 200 is affected.
- Version 204 is affected.
- Version 205 is affected.
- Version 206 is affected.
- Version S4CEXT 107 is affected.
- Version 108 is affected.
- Version 109 is affected.
- Version BBPCRM 713 is affected.
- Version 714 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.