CVE 6.1 MEDIUM

HTML Injection vulnerability in SAP NetWeaver Application Server ABAP (CVE-2025-42945)

6.1 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. Due to this, an attacker could craft a URL with a malicious script as payload and trick a victim with an active user session into executing it. Upon successful exploitation, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability.

AI Analysis

SAP NetWeaver Application Server ABAP is vulnerable to HTML injection, allowing attackers to execute malicious scripts via crafted URLs, potentially leading to data access or manipulation.

Basic Information

ID CVE-2025-42945
Source sap
Published Aug 12, 2025 at 02:05

Affected Product

Vendor SAP_SE
Product SAP NetWeaver Application Server ABAP
Version KRNL64UC 7.53
Affected Versions
SAP_SE SAP NetWeaver Application Server ABAP KRNL64UC 7.53
SAP_SE SAP NetWeaver Application Server ABAP KERNEL 7.53
SAP_SE SAP NetWeaver Application Server ABAP 7.54
SAP_SE SAP NetWeaver Application Server ABAP 7.77
SAP_SE SAP NetWeaver Application Server ABAP 7.89
SAP_SE SAP NetWeaver Application Server ABAP 7.93

CWE Classification

AI Assessment

AI Score 6.1 / 10
AI Severity MEDIUM
Vendor SAP
Product NetWeaver Application Server ABAP
Version 7.53, 7.54, 7.77, 7.89, 7.93

References
