Home

Description

SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.

PUBLISHED Reserved 2025-04-16 | Published 2025-08-12 | Updated 2025-08-13 | Assigner sap




MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation

Product status

Default status
unaffected

S4COREOP 104
affected

105
affected

106
affected

107
affected

108
affected

SEM-BW 600
affected

602
affected

603
affected

604
affected

605
affected

634
affected

736
affected

746
affected

747
affected

748
affected

References

me.sap.com/notes/3611184

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42975)

nvd.nist.gov (CVE-2025-42975)

Download JSON