1. Home
  2. CVE Database
  3. CVE-2025-27431
MEDIUM · 5.4

CVE-2025-27431

User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored an...

Vulnerability Description

User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or unauthorized data modifications within the scope of victim�s browser. There is no impact on availability.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2025-27431?

CVE-2025-27431 is a vulnerability with a CVSS score of 5.4 (MEDIUM). User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored an...

How severe is CVE-2025-27431?

CVE-2025-27431 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-27431?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.