THREATINT
PUBLISHED

CVE-2025-42975

Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)



Description

SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.

Reserved 2025-04-16 | Published 2025-08-12 | Updated 2025-08-12 | Assigner sap


MEDIUM: 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation

Product status

Default status: unaffected

Affected: S4COREOP 104, 105, 106, 107, 108

Affected: SEM-BW 600, 602, 603, 604, 605, 634, 736, 746, 747, 748

References

me.sap.com/notes/3611184

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42975)

nvd.nist.gov (CVE-2025-42975)
