CVE-2025-42945: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

SAP NetWeaver Application Server ABAP contains an HTML injection vulnerability identified as CVE-2025-42945. The vulnerability was discovered and disclosed on August 11, 2025. An attacker could exploit this vulnerability by crafting a URL with malicious script as payload and tricking a victim with an active user session into executing it (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.1 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code) (NVD).

Upon successful exploitation, this vulnerability could lead to limited access to data or its manipulation. There is no impact on system availability (NVD).

SAP has released security patches as part of their August 2025 Security Patch Day. Organizations are advised to apply the available security updates (SAP Security).

The vulnerability was disclosed as part of SAP's August 2025 Security Patch Day, which addressed a total of 15 vulnerabilities across their enterprise software portfolio (Cyber Security News).