CVE-2025-42941
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | fiori | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1022 | The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Reverse Tabnabbing issue in SAP Fiori (Launchpad) caused by insufficient protections on external navigation links (<a> elements). It allows an attacker, potentially with administrative user privileges, to exploit compromised or malicious pages to manipulate user sessions or expose sensitive information. The attacker does not need administrative privileges to execute the attack once the malicious page is leveraged.
How can this vulnerability impact me? :
The vulnerability can impact you by compromising the confidentiality and integrity of your system. It could lead to unintended manipulation of user sessions or exposure of sensitive information. However, it does not affect the availability of the system.