CVE-2025-0054

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 11, 2025

Updated: Feb 18, 2025

CWE ID 79

Summary

CVE-2025-0054 is a stored cross-site scripting (XSS) vulnerability affecting SAP NetWeaver Application Server Java. The issue arises due to insufficient user input handling, enabling attackers with basic privileges to inject malicious JavaScript code into the server. This code can then be executed in the victim's web browser, potentially allowing the attacker to read or modify information linked to the vulnerable web page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SAP Netweaver Application Server Java

Affected Vendors

SAP SE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3PUNIX
https://www.cve.org/CVERecord?id=CVE-2025-0054
https://nvd.nist.gov/vuln/detail/CVE-2025-0054

Back to Vulnerability Database