CVE-2025-42956: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

SAP NetWeaver Application Server ABAP and ABAP Platform contains a cross-site scripting vulnerability that allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leads to low impact on Confidentiality and Integrity with no effect on Availability of the application (NVD).

The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). The CVSS v3.1 base score is 6.1 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability has a low impact on both Confidentiality and Integrity of the system, with no impact on Availability. When successfully exploited, the attacker can execute malicious content in the victim's browser context, potentially leading to unauthorized access to user data or manipulation of web content (NVD).

SAP has released security patches to address this vulnerability. Users should refer to SAP Security Note 3617131 for detailed mitigation instructions (SAP Security Patch).