CVE-2025-42981
MEDIUMSAP NetWeaver Application Server ABAP - Open Redirect
Title source: llmDescription
Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3617131
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
6.1
EPSS
0.0020
EPSS Percentile
10.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (15)
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 700
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 701
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 702
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 731
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 740
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 750
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 751
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 752
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 753
SAP_SE/SAP NetWeaver Application Server ABAP
SAP_BASIS 754
... and 5 more
Published
Jul 08, 2025
Tracked Since
Feb 18, 2026