CVE-2025-42948

{"id": "CVE-2025-42948", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-08-12T03:15:27.493", "references": [{"url": "https://me.sap.com/notes/3629871", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website\ufffds page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim\ufffds browser."}, {"lang": "es", "value": "Debido a una vulnerabilidad de Cross-Site Scripting (XSS) en la plataforma SAP NetWeaver ABAP, un atacante no autenticado podr\u00eda generar un enlace malicioso y hacerlo p\u00fablico. Si un usuario autenticado hace clic en este enlace, la entrada inyectada se procesa durante la generaci\u00f3n de la p\u00e1gina web, lo que genera contenido malicioso. Al ejecutarse este contenido malicioso, el atacante podr\u00eda acceder o modificar informaci\u00f3n dentro del alcance del navegador de la v\u00edctima."}], "lastModified": "2025-08-12T14:25:33.177", "sourceIdentifier": "cna@sap.com"}