SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-24202 SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Aug 2025 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap application Server
Sap netweaver
Sap netweaver Abap
Sap netweaver Abap Application Server
Sap netweaver Application Server
Vendors & Products Sap
Sap application Server
Sap netweaver
Sap netweaver Abap
Sap netweaver Abap Application Server
Sap netweaver Application Server

Tue, 12 Aug 2025 02:30:00 +0000

Type Values Removed Values Added
Description SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.
Title Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2025-08-13T20:19:47.551Z

Reserved: 2025-04-16T13:25:45.231Z

Link: CVE-2025-42975

cve-icon Vulnrichment

Updated: 2025-08-12T13:30:43.051Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-12T03:15:28.430

Modified: 2025-08-12T14:25:33.177

Link: CVE-2025-42975

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-12T11:46:50Z