CVE-2025-42975NVD

Vulnerability Summary

SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.

Severity Level

MEDIUM(6.1)

Published Date

Aug 12, 2025

Last Modified

Aug 12, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-79: Cross-site Scripting (XSS) ↗

The software does not neutralize user-controllable input before it is placed in output that is used as a web page.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeChanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://me.sap.com/notes/3611184
https://url.sap/sapsecuritypatchday

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-42975NVD

Vulnerability Summary

External References