CVE-2025-24874

Name of the Vulnerable Software and Affected Versions: SAP Commerce (Backoffice) (affected versions not specified)

Description: The issue concerns the use of the deprecated X-FRAME-OPTIONS header to protect against clickjacking. Although this protection is currently effective, it may not remain so in the future if browsers discontinue support for this header in favor of the frame-ancestors CSP directive. This could potentially lead to clickjacking, resulting in the exposure and modification of sensitive information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.