Vulnerability in Sap_se Sap Commerce (Backoffice)

CVE-2025-24874

SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header i…

EPSS: 0.003 (21.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-24874?
CVE-2025-24874 is a medium-severity vulnerability in Sap_se Sap Commerce (Backoffice), classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 6.8/10. Published 2025-02-11.
How severe is CVE-2025-24874?
Medium severity. CVSS v3 base score is 6.8 out of 10.