PT-2025-6119 · SAP · SAP NetWeaver Application Server Java

Published: 2025-02-10 · Updated: 2025-02-12 · CVE-2025-0054

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java versions prior to the fixed version
Description: The issue is related to insufficient handling of user input, resulting in a stored cross-site scripting vulnerability. Attackers with basic user privileges can store a JavaScript payload on the server, which could later be executed in the victim's web browser, potentially allowing the attacker to read or modify information associated with the vulnerable web page.
Recommendations: For SAP NetWeaver Application Server Java, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to sensitive web pages and implementing additional security measures to minimize the risk of stored cross-site scripting attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-02759
CVE-2025-0054

Affected Products

SAP NetWeaver Application Server Java