CVE-2025-24970

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 10, 2025

Updated: Feb 21, 2025

CWE ID 20

Summary

CVE-2025-24874: SAP Commerce (Backoffice) relies on the outdated X-FRAME-OPTIONS header for clickjacking prevention. Although functional at present, this safeguard may become obsolete as browsers shift towards frame-ancestors Content Security Policy (CSP) directives, potentially leaving the system prone to clickjacking attacks and subsequent exposure or modification of sensitive information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Netty

Affected Vendors

Netty

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/25p7qX
https://www.cve.org/CVERecord?id=CVE-2025-24970
https://nvd.nist.gov/vuln/detail/CVE-2025-24970

Back to Vulnerability Database