CVE-2025-0054

🗓️ 11 Feb 2025 00:32:57Reported by sapType

cve🔗 web.nvd.nist.gov👁 57 Views🌐 WEB

Stored cross-site scripting vulnerability in SAP NetWeaver Java allows attacker payload execution.

Reporter	Title	Published	Views	Family All 12
GithubExploit	Exploit for CVE-2025-0054	20 Apr 202516:05	–	githubexploit
BDU FSTEC	The vulnerability of the SAP NetWeaver AS for Java software integration platform, related to the lack of protective measures for the website structure, allows attackers to carry out cross-site scripting attacks.	17 Mar 202500:00	–	bdu_fstec
Circl	CVE-2025-0054	11 Feb 202500:56	–	circl
CNNVD	SAP NetWeaver Application Server Java 跨站脚本漏洞	10 Feb 202500:00	–	cnnvd
CNVD	SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability	19 Feb 202500:00	–	cnvd
Cvelist	CVE-2025-0054 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java	11 Feb 202500:32	–	cvelist
EUVD	EUVD-2025-1484	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	11 Feb 202509:08	–	ncsc
NVD	CVE-2025-0054	11 Feb 202501:15	–	nvd
Positive Technologies	PT-2025-6119 · Sap · Sap Netweaver Application Server Java	10 Feb 202500:00	–	ptsecurity

Vulners

Node

sap netweaver_application_server_javaMatch7.50

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver Application Server Java",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "EP-BASIS 7.50"
      },
      {
        "status": "affected",
        "version": "FRAMEWORK-EXT 7.50"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3526203

Parameter	Position	Path	Description	CWE
XSS_PAYLOAD	request body	/user/profile	Stored XSS vulnerability in SAP NetWeaver Application Server Java as described by CVE-2025-0054 (CWE-79). The payload is submitted to a vulnerable endpoint and stored for later execution.	CWE-79

17 Jun 2026 08:25Current

5Medium risk

Vulners AI Score5

CVSS 3.15.4

EPSS0.00253

SSVC

CWE-79