CVE-2025-42901

Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)

Description

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability of the application.

INFO

Published Date :

2025-10-14T00:17:23.355Z

Last Modified :

2025-10-14T15:21:26.115Z

Source :

sap

AFFECTED PRODUCTS

The following products are affected by CVE-2025-42901 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-42901.

URL	Resource
https://me.sap.com/notes/3652788
https://url.sap/sapsecuritypatchday

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact