CVE-2025-42901 – Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)

CVE ID : CVE-2025-42901

Published : Oct. 14, 2025, 1:15 a.m. | 1 hour, 24 minutes ago

Description : SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user’s browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability of the application.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…