CVE-2025-24874
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Published Feb 11, 2025
Updated: Feb 18, 2025
CWE ID 1021
Summary
CVE-2025-24874 is a vulnerability in SAP Commerce (Backoffice), where the application relies on the outdated X-Frame-Options header to prevent clickjacking attacks. Although this measure is currently effective, support for the header may be phased out in future browsers in favor of the more advanced frame-ancestors Content Security Policy (CSP) directive. If that happens, the risk of clickjacking attacks increases, and such attacks could expose or modify sensitive data.
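Whether a response depends on X-Frame-Options alone, as the summary describes, can be checked from its headers. The following is an added example, not code from SAP or from this page; the function names, result labels and sample header values are constructed for illustration.

```python
# Added example. Header values are constructed samples, not captured
# from SAP Commerce; function names and result labels are hypothetical.

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def assess_framing(headers):
    """Classify anti-framing protection from (name, value) header pairs."""
    xfo, enforced = [], []
    for name, value in headers:
        lname = name.strip().lower()
        if lname == "x-frame-options":
            xfo.append(value.strip().upper())
        elif lname == "content-security-policy":
            # One header value may carry several comma-separated policies.
            for policy in value.split(","):
                sources = frame_ancestors(policy)
                if sources is not None:
                    enforced.append(sources)
        # Content-Security-Policy-Report-Only is ignored: it reports, it does not block.
    if any("*" not in sources for sources in enforced):
        return "csp"          # frame-ancestors restricts who may embed the page
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return "xfo-only"     # the condition this CVE describes
    return "unprotected"      # includes the obsolete ALLOW-FROM form

# Constructed sample responses.
SAMPLES = {
    "legacy": [("X-Frame-Options", "SAMEORIGIN")],
    "both": [("X-Frame-Options", "SAMEORIGIN"),
             ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "wildcard": [("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", assess_framing(hdrs))
```

A result of "xfo-only" marks a response that would lose its framing protection if browser support for X-Frame-Options were withdrawn.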