1. Home
  2. CVE Database
  3. CVE-2025-31325
MEDIUM · 5.8

CVE-2025-31325

Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected paramete...

Vulnerability Description

Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the attacker limited access to restricted information. The vulnerability does not affect data integrity or availability and operates entirely within the context of the client's browser.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2025-31325?

CVE-2025-31325 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected paramete...

How severe is CVE-2025-31325?

CVE-2025-31325 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-31325?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.