CVE-2025-42990
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-10

Last updated on: 2025-06-12

Assigner: SAP SE

Description
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-10
Last Modified
2025-06-12
Generated
2026-05-07
AI Q&A
2025-06-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-42990
EUVD
EUVD-2025-17598
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in unprotected SAPUI5 applications where an attacker with basic privileges can inject malicious HTML code into a webpage. The injected code can redirect users to a URL controlled by the attacker. This affects the integrity of the application but does not impact confidentiality or availability.


How can this vulnerability impact me? :

The vulnerability can impact you by compromising the integrity of the SAPUI5 application, allowing attackers to redirect users to malicious websites. However, it does not affect the confidentiality or availability of the application or its data.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart