CVE-2025-31325 CVSS:5.8

SAP NetWeaver (ABAP Keyword Documentation) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.

CVE-2025-23192 CVSS:8.2

SAP BusinessObjects Business Intelligence (BI Workspace) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.

CVE-2025-42994 CVSS:7.5

SAP MDM Server is vulnerable to a denial of service, caused by a memory read access violation flaw in the ReadString function in the server process.

CVE-2025-42995 CVSS:7.5

SAP MDM Server is vulnerable to a denial of service, caused by a memory read access violation in the server process.

CVE-2025-42996 CVSS:5.6

SAP MDM Server could allow a remote attacker to gain control of existing client sessions and execute certain functions, caused by improper access control.

CVE-2025-42998 CVSS:5.3

SAP Business One Integration Framework could allow a remote attacker to access restricted pages information, caused by improper validation jof security settings.

CVE-2025-42990 CVSS:3

SAP SAPUI5 applications is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site to show malicious content and/or redirect users to a malicious URL.

CVE-2025-42983 CVSS:8.5

SAP Business Warehouse and SAP Plug-In Basis could allow a remote authenticated attacker to drop arbitrary SAP database tables, caused by missing authorization validation.