/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
Vulnerability Information
- CVE: CVE-2025-66035
- Black Duck: BDSA-2025-35152
- Vulnerability type: Angular HttpClient may leak X-XSRF-TOKEN under specific preconditions
- NVD baseline rating: CVSS 4.0 7.7 (High) (generic component-level context)
Read more...
Environment
- SAP Commerce Cloud 2205 (2211 is unaffected because it adopts the latest Angular version)
- Frontend module scope:
- smartedit
- personalizationsmartedit
- personalizationsearchsmartedit
- merchandisingsmartedit
- Affected component baseline in scope: Angular 8.2.14
Product
SAP Commerce 2205 ; SAP Commerce Cloud all versions
Keywords
SmartEdit, Angular, CVE-2025-66035 , KBA , CEC-SCC-COM-SEDIT , SmartEdit , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)