CVE-2025-42985
MEDIUM
SAP BusinessObjects Content Administrator Workbench - Open Redirect via Crafted URL
Title source: llmDescription
Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3617380
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
6.1
EPSS
0.0022
EPSS Percentile
12.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (20)
SAP_SE/SAP BusinessObjects Content Administrator workbench
200
SAP_SE/SAP BusinessObjects Content Administrator workbench
300
SAP_SE/SAP BusinessObjects Content Administrator workbench
400
SAP_SE/SAP BusinessObjects Content Administrator workbench
701
SAP_SE/SAP BusinessObjects Content Administrator workbench
702
SAP_SE/SAP BusinessObjects Content Administrator workbench
731
SAP_SE/SAP BusinessObjects Content Administrator workbench
740
SAP_SE/SAP BusinessObjects Content Administrator workbench
750
SAP_SE/SAP BusinessObjects Content Administrator workbench
751
SAP_SE/SAP BusinessObjects Content Administrator workbench
752
... and 10 more
Published
Jul 08, 2025
Tracked Since
Feb 18, 2026