SAP patches severe vulnerabilities in NetWeaver and Commerce apps

SAP Security Note #3569602 covers a cross-site scripting (XSS) vulnerability in SAP Commerce, stemming from security bugs in the open-source library swagger-ui bundled with the widely used middleware.
The vulnerability, tracked as CVE-2025-27434, lies in the explore feature of Swagger UI, which creates a potential mechanism for an unauthenticated attacker to inject malicious code from remote sources through a DOM-based XSS attack. Any potential victim would first need to be tricked into placing a malicious payload into an input field, potentially via social engineering.
If successful, attackers would be able to breach the confidentiality, integrity, and availability of the application — earning the vulnerability a high CVSS score of 8.8.