SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of victim's web browser.
CVE ID: CVE-2025-0057
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.8
Vendor: SAP_SE
Product: SAP NetWeaver AS JAVA (User Admin Application)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.48% (scored less or equal to compared to others)
EPSS Date: 2025-02-12 (when was this score calculated)