CVE-2025-42886

6.1 MEDIUM

📋 TL;DR

This is a reflected cross-site scripting (XSS) vulnerability in SAP Business Connector that allows unauthenticated attackers to craft malicious links. When authenticated users click these links, malicious scripts execute in their browser context, potentially allowing attackers to steal session data or perform actions as the victim. All users of vulnerable SAP Business Connector versions are affected.

💻 Affected Systems

Products:
  • SAP Business Connector
Versions: Specific versions not detailed in provided references; check SAP Note 3665907 for exact affected versions
Operating Systems: All supported OS for SAP Business Connector
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in web interface components; requires user interaction via malicious link

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker steals administrator session cookies, gains full access to SAP Business Connector, exfiltrates sensitive business data, and performs unauthorized transactions.

🟠 Likely Case

Attacker steals user session tokens, accesses moderate sensitivity data, and performs limited unauthorized actions within the victim's permissions.

🟢 If Mitigated

Attack fails due to input validation, content security policies, or user awareness preventing link clicks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires social engineering to trick users into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check SAP Note 3665907 for specific patched versions

Vendor Advisory: https://me.sap.com/notes/3665907

Restart Required: Yes

Instructions:

1. Review SAP Note 3665907 for affected versions and patches.
2. Apply the SAP security patch from the SAP Support Portal.
3. Restart SAP Business Connector services.
4. Verify patch application.

🔧 Temporary Workarounds

Input Validation Enhancement (applies to: all)

Implement additional input validation and output encoding for user-supplied parameters.

Content Security Policy (applies to: all)

Implement strict Content Security Policy headers to restrict script execution.
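The two workarounds above (output encoding plus input validation, and a restrictive Content Security Policy) are shown together in the following Python snippet. This is an added example written for this page, not SAP Business Connector code and not taken from the SAP Note; the handler names, the `q` parameter and the CSP value are assumptions chosen for illustration, and the probe string is a constructed test value.

```python
import html
import re

# Assumption: a generic handler that reflects a query parameter "q" into an HTML page.
# Nothing here is SAP Business Connector code; the names are illustrative only.

# Constructed probe string used to check whether a parameter is reflected as markup.
PROBE = "<script>probe()</script>"

# Assumed restrictive policy: scripts only from the site's own origin, no plugins,
# no inline scripts (no 'unsafe-inline'), so reflected markup cannot execute.
CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"

# Allowlist for the parameter: letters, digits, whitespace, dot and hyphen, at most 64 chars.
QUERY_ALLOWLIST = re.compile(r"^[\w\s.\-]{0,64}$")


def validate_query(q: str) -> bool:
    """Input validation: accept only values matching the allowlist."""
    return QUERY_ALLOWLIST.fullmatch(q) is not None


def render_unsafe(q: str) -> str:
    """Anti-pattern: the parameter is reflected verbatim into the HTML body."""
    return f"<p>Results for: {q}</p>"


def render_safe(q: str) -> str:
    """Output encoding for an HTML text context: entity-encode <, >, &, quotes."""
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"


def build_response(q: str) -> dict:
    """Assemble the hardened response: validated input, encoded output, CSP header."""
    if not validate_query(q):
        # Reject out-of-policy input instead of reflecting it; still encode the message.
        body = "<p>Invalid search parameter.</p>"
        status = 400
    else:
        body = render_safe(q)
        status = 200
    return {
        "status": status,
        "headers": {
            "Content-Type": "text/html; charset=utf-8",
            "Content-Security-Policy": CSP_HEADER,
        },
        "body": body,
    }


def contains_active_markup(body: str) -> bool:
    """Verification helper: does the rendered body still contain executable markup?"""
    lowered = body.lower()
    return "<script" in lowered or "javascript:" in lowered


if __name__ == "__main__":
    print("unsafe reflects markup:", contains_active_markup(render_unsafe(PROBE)))
    print("safe reflects markup:  ", contains_active_markup(render_safe(PROBE)))
    print(build_response("invoice 2024"))
```

Encoding is applied at output time for the HTML text context; a parameter reflected into an attribute, a URL or a script block needs the encoding appropriate to that context, and the CSP is a second layer that limits damage if an encoding step is missed.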

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with XSS protection rules
  • Educate users about phishing risks and suspicious links

🔍 How to Verify

Check if Vulnerable:

Check SAP Business Connector version against affected versions in SAP Note 3665907

Check Version:

Check SAP Business Connector administration interface or consult SAP documentation for version check commands

Verify Fix Applied:

Verify patch application through the SAP administration console and confirm that test XSS payloads submitted in request parameters are returned encoded rather than reflected as executable markup.

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL parameters with script tags or JavaScript code
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests containing suspicious script payloads in URL parameters

SIEM Query:

web.url:*<script* OR web.url:*javascript:*
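The log indicators and SIEM query above are applied to sample web server lines in the following Python script. This is an added example, not part of the advisory and not SAP tooling; the log lines are constructed in Apache combined format with placeholder paths and addresses, and the detection adds one check a practitioner would want: the literal `*<script*` query misses URL-encoded and double-encoded variants, so the URL is decoded and case-folded before matching.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log lines (Apache combined format). Addresses are from the
# documentation ranges and paths are placeholders, not SAP Business Connector URLs.
SAMPLE_LOG = """\
198.51.100.5 - - [12/May/2025:10:01:02 +0000] "GET /app/search?q=invoice+2024 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.77 - - [12/May/2025:10:02:10 +0000] "GET /app/search?q=<script>probe()</script> HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.77 - - [12/May/2025:10:02:15 +0000] "GET /app/search?q=%3Cscript%3Eprobe()%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.77 - - [12/May/2025:10:02:21 +0000] "GET /app/redirect?url=JaVaScRiPt%3Aprobe() HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/May/2025:10:05:44 +0000] "GET /app/search?q=%253Cscript%253E HTTP/1.1" 200 640 "-" "curl/8.0"
198.51.100.5 - - [12/May/2025:10:07:00 +0000] "GET /app/search?q=javascript+tutorial HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Same two indicators as the page's SIEM query: "<script" and "javascript:".
INDICATORS = ("<script", "javascript:")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_url(url: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times (catches double encoding) and lower-case."""
    out = url
    for _ in range(rounds):
        decoded = unquote(out)
        if decoded == out:
            break
        out = decoded
    return out.lower()


def find_xss_indicators(log_text: str) -> list:
    """Return one record per request whose decoded URL contains an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        normalized = normalize_url(m["url"])
        matched = [ind for ind in INDICATORS if ind in normalized]
        if matched:
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "url": m["url"],
                "status": int(m["status"]),
                "indicators": matched,
            })
    return hits


def repeated_attempts(hits: list, threshold: int = 3) -> dict:
    """Second page indicator: sources with multiple attempts in the log window."""
    counts = Counter(h["ip"] for h in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = find_xss_indicators(SAMPLE_LOG)
    for h in found:
        print(h["ts"], h["ip"], h["indicators"], h["url"])
    print("repeated sources:", repeated_attempts(found))
```

The last sample line ("javascript tutorial") is a negative control: it contains the word but not the `javascript:` scheme, so it is not flagged. Treat the status code as context only: a 200 response does not by itself confirm the payload executed, and the log window used for the repeated-attempts count should match the one configured in the SIEM.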
