CVE-2025-42981
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-08
Assigner: SAP SE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | netweaver_application_server_abap | 3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an open redirect issue in SAP NetWeaver Application Server ABAP where an attacker can create a malicious URL containing a script. When a user clicks this URL, the script runs in their browser and redirects them to an attacker-controlled site. This happens because the URL location is not properly sanitized.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker to access or modify restricted information related to the web client through the victim's browser. It affects confidentiality and integrity but does not impact data availability.