CVE-2025-42975
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-12

Last updated on: 2025-08-12

Assigner: SAP SE

Description
SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-12
Last Modified
2025-08-12
Generated
2026-05-27
AI Q&A
2025-08-12
EPSS Evaluated
2026-05-25
NVD
CVE-2025-42975
EUVD
EUVD-2025-24202
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap netweaver_application_server_abap *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to create a malicious URL. When a victim clicks this URL, a malicious script runs in their browser, enabling the attacker to access or modify information related to the web client without disrupting its availability.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized access and modification of information in the web client environment, potentially compromising data integrity and confidentiality. However, it does not affect the availability of the system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart