CVE-2025-0059

Name: CVE-2025-0059
Creator: NVD / NIST
Published: 2025-01-14T01:15:16.19+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6/10EPSS 0.18%

Last modified Jun 17, 2026

CVE-2025-0059 is a medium-severity vulnerability rated 6/10 on the CVSS scale. Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. EPSS estimates a 0.18% chance of exploitation in the next 30 days.

Description

Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.

Metrics

CVSS 3.1

6/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS Probability

0.18%

8.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-497

References

Timeline

Published: Jan 14, 2025
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-0059?

How severe is CVE-2025-0059?

CVE-2025-0059 has a CVSS score of 6/10 (MEDIUM severity). The EPSS model estimates a 0.18% probability of exploitation in the next 30 days.

How do I fix CVE-2025-0059?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-0059?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST