CVE-2025-42872
MEDIUMDescription
Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result, the vulnerability has a low impact on confidentiality and integrity and no impact on availability.
Is your site exposed to CVE-2025-42872?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-42872? +
How severe is CVE-2025-42872? +
How do I check if I'm vulnerable to CVE-2025-42872? +
Related Vulnerabilities
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable …
A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with …
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web …
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege …
The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated …
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication …