CVE-2025-0057

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS Java (affected versions not specified)

Description The issue is related to a stored cross-site scripting vulnerability. An attacker, posing as an administrator, can upload a photo with malicious JavaScript content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of the victim's web browser. This can be achieved through the User Admin Application. The vulnerability allows for unauthorized data access.

Recommendations As a temporary workaround, consider disabling the photo upload feature in the User Admin Application until a patch is available. Restrict access to the User Admin Application to minimize the risk of exploitation. Avoid using the vulnerable component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.