CVE-2025-42948 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform

🗓️ 12 Aug 2025 02:08:17Reported by sapType

XSS in SAP NetWeaver ABAP Platform; unauth attacker can publish a link; click executes in browser.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-42948	12 Aug 202502:43	–	circl
CNNVD	SAP NetWeaver ABAP Platform 跨站脚本漏洞	12 Aug 202500:00	–	cnnvd
CNVD	SAP NetWeaver ABAP Platform Cross-Site Scripting Vulnerability	18 Aug 202500:00	–	cnvd
CVE	CVE-2025-42948	12 Aug 202502:08	–	cve
EUVD	EUVD-2025-24208	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	5 Sep 202511:12	–	ncsc
NVD	CVE-2025-42948	12 Aug 202503:15	–	nvd
Positive Technologies	PT-2025-32608 · Sap · Sap Netweaver/Abap Platform	12 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42948	14 Aug 202502:24	–	redhatcve
Vulnrichment	CVE-2025-42948 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform	12 Aug 202502:08	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver ABAP Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CRM 100"
      },
      {
        "status": "affected",
        "version": "200"
      },
      {
        "status": "affected",
        "version": "204"
      },
      {
        "status": "affected",
        "version": "205"
      },
      {
        "status": "affected",
        "version": "206"
      },
      {
        "status": "affected",
        "version": "S4CEXT 107"
      },
      {
        "status": "affected",
        "version": "108"
      },
      {
        "status": "affected",
        "version": "109"
      },
      {
        "status": "affected",
        "version": "BBPCRM 713"
      },
      {
        "status": "affected",
        "version": "714"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3629871

12 Aug 2025 02:08Current

CVSS 3.16.1

EPSS0.00476

CWE-79