CVE-2025-31325: CWE-79: Improper Neutralization of Input During Web Page Generation in SAP_SE SAP NetWeaver (ABAP Keyword Documentation)

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-31325, cwe-79
Published: Tue Jun 10 2025 (06/10/2025, 00:10:30 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAP NetWeaver (ABAP Keyword Documentation)

Description

Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the attacker limited access to restricted information. The vulnerability does not affect data integrity or availability and operates entirely within the context of the client's browser.

AI-Powered Analysis

Last updated: 07/10/2025, 23:48:52 UTC

Technical Analysis

CVE-2025-31325 is a Cross-Site Scripting (XSS) vulnerability identified in SAP NetWeaver, specifically within the ABAP Keyword Documentation component of SAP_BASIS version 758. The vulnerability arises due to improper neutralization of input during web page generation, classified under CWE-79. An unauthenticated attacker can exploit this flaw by injecting malicious JavaScript code into a web page through an unprotected parameter. When a legitimate user accesses the compromised page, the injected script executes in their browser context. This execution allows the attacker to access limited restricted information available in the client’s browser session. Importantly, the vulnerability does not impact the integrity or availability of the SAP system itself, as the attack is confined to the client-side browser environment. The CVSS v3.1 base score is 5.8 (medium severity), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and a scope change due to the client-side impact. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability’s exploitation is limited to information disclosure within the browser context and does not allow direct system compromise or data manipulation on the server side.

Potential Impact

For European organizations using SAP NetWeaver with the affected SAP_BASIS 758 version, this vulnerability poses a risk primarily to confidentiality at the client level. Attackers could leverage this XSS flaw to steal session tokens, cookies, or other sensitive information accessible via the browser, potentially enabling further attacks such as session hijacking or phishing. While the vulnerability does not affect system integrity or availability, the exposure of sensitive session data could lead to unauthorized access to SAP applications, which are often critical for enterprise resource planning and business operations. Given SAP’s widespread use across European industries including manufacturing, finance, and public sector, the risk of targeted attacks exploiting this vulnerability to gain footholds or escalate privileges is non-negligible. Moreover, the lack of required authentication and user interaction lowers the barrier for exploitation, increasing the threat surface. The impact is more pronounced in environments where users access SAP NetWeaver portals through web browsers without additional security controls such as Content Security Policy (CSP) or Web Application Firewalls (WAFs).

Mitigation Recommendations

European organizations should prioritize the following mitigations:

1) Immediate review and restriction of web parameters exposed by the ABAP Keyword Documentation interface to ensure no untrusted input is directly rendered without proper encoding or sanitization.
2) Implement robust input validation and output encoding on all web interfaces, particularly those serving dynamic content.
3) Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing SAP NetWeaver portals.
4) Utilize Web Application Firewalls (WAFs) with rules tuned to detect and block typical XSS payloads targeting SAP web components.
5) Monitor SAP security advisories closely for official patches or hotfixes and apply them promptly once available.
6) Educate users about the risks of clicking on suspicious links or accessing SAP portals from untrusted networks.
7) Conduct regular security assessments and penetration tests focusing on SAP web interfaces to detect similar injection flaws.

These targeted actions go beyond generic advice by focusing on the specific SAP component and the nature of the vulnerability.
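
An added example for mitigation 3 (not part of the original advisory and not SAP code): a small auditor that reports whether a Content-Security-Policy header would actually stop a reflected script from running. The two sample policies are constructed for illustration, and the check looks only at script-src with its default-src fallback, ignoring script-src-elem and script-src-attr.

```javascript
// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers, so keep the first one.
    if (name && !(name.toLowerCase() in policy)) {
      policy[name.toLowerCase()] = sources.map((s) => s.toLowerCase());
    }
  }
  return policy;
}

// Return a list of reasons why the policy would not contain an injected script.
function auditScriptPolicy(header) {
  const policy = parseCsp(header);
  const sources = policy['script-src'] ?? policy['default-src'];
  if (sources === undefined) {
    return ['no script-src or default-src: injected scripts run unrestricted'];
  }
  const findings = [];
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const strictDynamic = sources.includes("'strict-dynamic'");
  // Browsers ignore 'unsafe-inline' when a nonce or hash is present (CSP Level 2+).
  if (sources.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("'unsafe-inline' allows reflected inline <script> and event handlers");
  }
  // With 'strict-dynamic', host and scheme sources are ignored (CSP Level 3).
  if (!strictDynamic) {
    for (const s of sources) {
      if (s === '*' || /^(https?|data|blob):$/.test(s)) {
        findings.push(`${s} permits script loads from attacker-controlled URLs`);
      }
    }
  }
  return findings;
}

// Constructed sample policies: a weak one beside a nonce-based one.
const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https:";
const HARDENED =
  "default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'; base-uri 'none'";

for (const [label, header] of [['weak', WEAK], ['hardened', HARDENED]]) {
  console.log(label, auditScriptPolicy(header));
}
```

An empty findings list means the script directive itself is sound; the nonce must still be unpredictable and regenerated for every response.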

Technical Details

Data Version: 5.1
Assigner Short Name: sap
Date Reserved: 2025-03-27T23:02:06.906Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68487f541b0bd07c3938a027

Added to database: 6/10/2025, 6:54:12 PM

Last enriched: 7/10/2025, 11:48:52 PM

Last updated: 8/12/2025, 12:58:21 AM
