CVE-2025-42942: CWE-79: Improper Neutralization of Input During Web Page Generation in SAP_SE SAP NetWeaver Application Server for ABAP
SAP NetWeaver Application Server for ABAP has a cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with a malicious script and trick an unauthenticated victim into clicking on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the scope of the victim's browser. This vulnerability has no impact on the availability of the application.
AI Analysis
Technical Summary
CVE-2025-42942 is a cross-site scripting (XSS) vulnerability identified in SAP NetWeaver Application Server for ABAP, affecting multiple SAP_BASIS versions ranging from 700 through 916. The vulnerability arises from improper neutralization of input during web page generation, classified under CWE-79. An unauthenticated attacker can craft a malicious URL containing embedded script code and trick an unauthenticated victim into clicking it. Upon successful exploitation, the malicious script executes within the victim's browser context, allowing the attacker to access and modify limited information accessible to the victim's browser session. This vulnerability does not impact the availability of the SAP application but compromises confidentiality and integrity within the scope of the victim's browser session. The CVSS v3.1 base score is 6.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but requiring user interaction. The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. No known exploits in the wild have been reported yet, and no official patches are linked at this time. The vulnerability affects a broad range of SAP_BASIS versions, indicating a long-standing issue across many SAP NetWeaver deployments. The attack scenario relies on social engineering to lure users into clicking crafted URLs, which then execute malicious scripts in their browsers, potentially leading to session hijacking, data theft, or unauthorized actions within the victim's SAP web session context.
Potential Impact
For European organizations, this vulnerability poses a significant risk to confidentiality and integrity of SAP NetWeaver application data accessed via web interfaces. SAP NetWeaver is widely used across Europe in sectors such as manufacturing, finance, public administration, and utilities, where SAP systems often handle sensitive business-critical data. Exploitation could lead to unauthorized disclosure of sensitive information, manipulation of user-visible data, or session hijacking within the SAP web environment. Although availability is not impacted, the breach of confidentiality and integrity can result in financial losses, regulatory non-compliance (e.g., GDPR violations), reputational damage, and operational disruption. The requirement for user interaction (clicking a malicious link) means phishing campaigns targeting SAP users could be an effective attack vector. Given the extensive use of SAP in European enterprises and government bodies, the potential for targeted attacks exploiting this vulnerability is considerable, especially in environments where SAP web interfaces are exposed or accessible to end users without sufficient protective controls.
Mitigation Recommendations
1. Implement strict input validation and output encoding on all web pages generated by SAP NetWeaver to neutralize malicious scripts.
2. Apply SAP security notes and patches as soon as they become available for the affected SAP_BASIS versions.
3. Employ web application firewalls (WAFs) with rules specifically designed to detect and block XSS payloads targeting SAP web interfaces.
4. Conduct user awareness training focused on phishing and social engineering risks, emphasizing caution when clicking on unsolicited or suspicious URLs.
5. Restrict SAP web interface exposure by limiting access to trusted networks and enforcing strong authentication mechanisms, such as multi-factor authentication (MFA).
6. Monitor SAP system logs and web access logs for unusual activity patterns indicative of attempted exploitation.
7. Use Content Security Policy (CSP) headers to reduce the impact of XSS by restricting the sources of executable scripts in browsers accessing SAP applications.
8. Regularly review and harden SAP system configurations to minimize attack surface and ensure secure coding practices are followed for custom developments.
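Items 1 and 7 above are the controls that address the CWE-79 root cause directly: encode every reflected value for the context it lands in, and send a CSP so that an encoding miss does not become script execution. The following is an added, generic Python illustration written for this page; it is not SAP code and not the fix for CVE-2025-42942, and the page names no vulnerable endpoint, so the host, path, the `q` parameter and the page template are all constructed. It renders the same reflected parameter once without encoding (the anti-pattern behind CWE-79) and once with a separate encoder for the HTML text, quoted-attribute and URL contexts, and builds a restrictive `Content-Security-Policy` value.

```python
"""Output encoding and CSP for a page that reflects a URL parameter.

Added example for mitigation items 1 (output encoding) and 7 (CSP). Generic
Python, not SAP code and not the fix for CVE-2025-42942; the parameter name
``q``, the template and the sample URL are constructed for the example.
"""
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample input: a URL whose ``q`` parameter carries markup, the
# shape of value an XSS test case uses. Host and path are placeholders.
SAMPLE_URL = (
    "https://app.example.invalid/search"
    "?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E&lang=en"
)

# Constructed template with three output contexts: text node, quoted
# attribute value, and a query-string component inside an href.
PAGE_TEMPLATE = (
    "<html><body>\n"
    "<h1>Results for: {text}</h1>\n"
    '<input type="search" value="{attr}">\n'
    '<a href="/search?q={url}&amp;page=2">Next page</a>\n'
    "</body></html>"
)


def first_param(url: str, name: str) -> str:
    """Return the first value of query parameter ``name`` (empty if absent)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def encode_html_text(value: str) -> str:
    """Encode for an HTML text node: & < > " ' become character references."""
    return html.escape(value, quote=True)


def encode_html_attr(value: str) -> str:
    """Encode for a *quoted* attribute value; the template must quote it."""
    return html.escape(value, quote=True)


def encode_url_component(value: str) -> str:
    """Percent-encode for a query-string component, leaving no reserved char bare."""
    return quote(value, safe="")


def render_unsafe(url: str) -> str:
    """The CWE-79 anti-pattern: the parameter is copied into each context raw."""
    q = first_param(url, "q")
    return PAGE_TEMPLATE.format(text=q, attr=q, url=q)


def render_encoded(url: str) -> str:
    """Hardened form: one encoder per output context."""
    q = first_param(url, "q")
    return PAGE_TEMPLATE.format(
        text=encode_html_text(q),
        attr=encode_html_attr(q),
        url=encode_url_component(q),
    )


def build_csp_header() -> str:
    """Restrictive CSP: scripts only from the page's own origin and no inline
    script, so a reflected <script> block is refused even if encoding fails."""
    directives = [
        "default-src 'self'",
        "script-src 'self'",
        "object-src 'none'",
        "base-uri 'self'",
        "frame-ancestors 'none'",
    ]
    return "; ".join(directives)


def contains_raw_tag(document: str, tag: str = "script") -> bool:
    """Defensive check: does the rendered page still contain a literal
    opening <tag? Case-insensitive, since HTML tag names are."""
    return f"<{tag}".casefold() in document.casefold()


if __name__ == "__main__":
    print("unsafe page still carries a script tag:",
          contains_raw_tag(render_unsafe(SAMPLE_URL)))
    print("encoded page carries a script tag:   ",
          contains_raw_tag(render_encoded(SAMPLE_URL)))
    print("Content-Security-Policy:", build_csp_header())
```

The point of the three encoders is that one escaping routine does not fit every context: HTML entity encoding is correct for text and quoted attributes, but a value spliced into an `href` query string needs percent-encoding, and an unquoted attribute cannot be made safe by encoding alone. The CSP value is a defence in depth for item 7; `script-src 'self'` without `'unsafe-inline'` blocks inline script blocks and event handlers, which is what a reflected payload usually relies on.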
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: sap
- Date Reserved: 2025-04-16T13:25:37.187Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 689aa7d2ad5a09ad002be766
Added to database: 8/12/2025, 2:32:50 AM
Last enriched: 8/12/2025, 2:51:31 AM
Last updated: 8/28/2025, 7:30:07 PM