CVE-2025-42973 MEDIUM

CVE-2025-42973: Cross-Site Scripting (XSS) vulnerability in SAP Data Services (DQ Report)

Vendor Sap_Se

Product SAP Data Services (DQ Report)

Weakness CWE-79 · XSS

Published July 8, 2025

Last update July 8, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests, malicious script can be injected and subsequently executed when a user loads the affected page. This results in a limited impact on the confidentiality and integrity of user session information, while availability remains unaffected.

Key dates

02Disclosure timeline

July 8, 2025 CVE published

July 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-42973 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2025-42973

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP Data Services (DQ Report)

Affected SBOP_DS_MANAGEMENT_CONSOLE 4.3

Vendor Sap_Se

Product SAP Data Services (DQ Report)

Affected 2025

CVE-2025-42973: Cross-Site Scripting (XSS) vulnerability in SAP Data Services (DQ Report)

01Description

02Disclosure timeline

03References

04Related CVE