Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-42956

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.

Published

2025-07-08T07:15:26.167

Last Modified

2025-10-27T16:51:37.780

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	sap_basis	700	Yes
Application	sap	sap_basis	701	Yes
Application	sap	sap_basis	702	Yes
Application	sap	sap_basis	731	Yes
Application	sap	sap_basis	740	Yes
Application	sap	sap_basis	750	Yes
Application	sap	sap_basis	751	Yes
Application	sap	sap_basis	752	Yes
Application	sap	sap_basis	753	Yes
Application	sap	sap_basis	754	Yes
Application	sap	sap_basis	755	Yes
Application	sap	sap_basis	756	Yes
Application	sap	sap_basis	757	Yes
Application	sap	sap_basis	758	Yes
Application	sap	sap_basis	816	Yes

References

https://me.sap.com/notes/3617131 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Patch ([email protected])