6.1

CVE-2025-42981

Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSAP_SE
Product SAP NetWeaver Application Server ABAP
Default Statusunaffected
Version SAP_BASIS 700
Status affected
Version SAP_BASIS 701
Status affected
Version SAP_BASIS 702
Status affected
Version SAP_BASIS 731
Status affected
Version SAP_BASIS 740
Status affected
Version SAP_BASIS 750
Status affected
Version SAP_BASIS 751
Status affected
Version SAP_BASIS 752
Status affected
Version SAP_BASIS 753
Status affected
Version SAP_BASIS 754
Status affected
Version SAP_BASIS 755
Status affected
Version SAP_BASIS 756
Status affected
Version SAP_BASIS 757
Status affected
Version SAP_BASIS 758
Status affected
Version SAP_BASIS 816
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.272
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
cna@sap.com 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.