Vulnerability in Sap_se Sap Commerce (Backoffice)
CVE-2025-24874
SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header i…
EPSS: 0.003 (21.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.
Affected products
- Sap_se Sap Commerce (Backoffice) — versions HY_COM 2205, COM_CLOUD 2211
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-24874?
- CVE-2025-24874 is a medium-severity vulnerability in Sap_se Sap Commerce (Backoffice), classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 6.8/10. Published 2025-02-11.
- How severe is CVE-2025-24874?
- Medium severity. CVSS v3 base score is 6.8 out of 10.