
CVE-2025-0054: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

5.4 CVSS

Description

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a JavaScript payload on the server, which could later be executed in the victim's web browser. With this, the attacker might be able to read or modify information associated with the vulnerable web page.

Classification

CVE ID: CVE-2025-0054

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor: SAP_SE

Product: SAP NetWeaver Application Server Java

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-12 (date this score was calculated)

References

https://me.sap.com/notes/3526203
https://url.sap/sapsecuritypatchday
