CVE-2025-42893
Last modified
CVE-2025-42893 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, impacting the confidentiality and integrity of web client data. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, impacting the confidentiality and integrity of web client data. There is no impact to system availability resulting from this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Business Connector | 4.8 |
References
- https://me.sap.com/notes/3662000Permissions Required
- https://url.sap/sapsecuritypatchdayVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-42893?
How severe is CVE-2025-42893?
How do I fix CVE-2025-42893?
Are you affected by CVE-2025-42893?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST