Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-42886

Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim's browser context. This could allow the attacker to access or modify information within the victim�s browser scope, impacting confidentiality and integrity, while availability remains unaffected

Published

2025-11-11T01:15:37.200

Last Modified

2026-01-16T16:53:49.357

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	business_connector	4.8	Yes

References

https://me.sap.com/notes/3665907 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Vendor Advisory ([email protected])