{"id":10448,"date":"2025-08-11T22:44:16","date_gmt":"2025-08-11T22:44:16","guid":{"rendered":"http:\/\/localhost\/?p=10448"},"modified":"2025-08-11T22:44:16","modified_gmt":"2025-08-11T22:44:16","slug":"cross-site-scripting-xss-vulnerability-in-sap-netweaver-abap-platform","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=10448","title":{"rendered":"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948"},"content":{"rendered":"

{“lastseen”:””,”description”:”Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the websites page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access\/modify information within the scope of victims browser.”,”published”:”2025-08-12T02:08:17.608Z”,”modified”:”2025-08-12T02:08:17.608Z”,”type”:”cve”,”title”:”Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform”,”source”:”sap”,”references”:”https:\/\/me.sap.com\/notes\/3629871\\nhttps:\/\/url.sap\/sapsecuritypatchday”,”id”:”CVE-2025-42948″,”bulletinFamily”:””,”cwe”:[“CWE-79″],”cvelist”:null,”sourceData”:”SAP_SE SAP NetWeaver ABAP Platform S4CRM 100\\nSAP_SE SAP NetWeaver ABAP Platform 200\\nSAP_SE SAP NetWeaver ABAP Platform 204\\nSAP_SE SAP NetWeaver ABAP Platform 205\\nSAP_SE SAP NetWeaver ABAP Platform 206\\nSAP_SE SAP NetWeaver ABAP Platform S4CEXT 107\\nSAP_SE SAP NetWeaver ABAP Platform 108\\nSAP_SE SAP NetWeaver ABAP Platform 109\\nSAP_SE SAP NetWeaver ABAP Platform BBPCRM 713\\nSAP_SE SAP NetWeaver ABAP Platform 714″,”sourceHref”:””,”cvss”:{“score”:6.1,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”SAP NetWeaver ABAP Platform”,”version”:”S4CRM 100″,”vendor”:”SAP_SE”,”ai_description”:”Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform affecting multiple versions, allowing attackers to inject malicious scripts via crafted links.”,”ai_severity”:”MEDIUM”,”ai_vendor”:”SAP”,”ai_product”:”NetWeaver ABAP Platform”,”ai_version”:”S4CRM 100, 200, 204, 205, 206, S4CEXT 107, 108, 109, BBPCRM 713, 714″,”ai_score”:6.1}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,31,12,21,13,7,11,5],"class_list":["post-10448","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-61","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nCross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=10448\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible....\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=10448\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-11T22:44:16+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10448#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10448\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948\",\"datePublished\":\"2025-08-11T22:44:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10448\"},\"wordCount\":304,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.1\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=10448#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10448\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10448\",\"name\":\"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-08-11T22:44:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10448#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=10448\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=10448#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=10448","og_locale":"en_US","og_type":"article","og_title":"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948 - zero redgem","og_description":"{“lastseen”:””,”description”:”Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible....","og_url":"https:\/\/zero.redgem.net\/?p=10448","og_site_name":"zero redgem","article_published_time":"2025-08-11T22:44:16+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=10448#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=10448"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948","datePublished":"2025-08-11T22:44:16+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=10448"},"wordCount":304,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.1","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=10448#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=10448","url":"https:\/\/zero.redgem.net\/?p=10448","name":"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-08-11T22:44:16+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=10448#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=10448"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=10448#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform_CVE-2025-42948"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/10448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10448"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/10448\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}