CVE-2025-42981

Summary

Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 700affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 701affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 702affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 731affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 758affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 816affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References