CVE 5.4 MEDIUM

Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser) (CVE-2025-42901)

5.4 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads, which could be executed in a victim user's browser when the victim accesses the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity, with no impact on availability of the application.

Basic Information

ID CVE-2025-42901
Source sap
Published Oct 14, 2025 at 00:17

Affected Product

Vendor SAP_SE
Product SAP Application Server for ABAP (BAPI Browser)
Version SAP_BASIS 700
Affected Versions
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 700
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 701
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 702
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 731
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 740
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 750
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 751
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 752
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 753
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 754
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 755
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 756
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 757
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 758
SAP_SE SAP Application Server for ABAP (BAPI Browser) SAP_BASIS 816

CWE Classification

References
