CVE-2025-42893: Open Redirect in SE SAP Business Connector

CWE-601: Open Redirect (3 documents, 3 sources)

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.1% (top 77.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 11

Description

Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, impacting the confidentiality and integrity of web client data. There is no impact to system availability resulting from this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

CVEList: Open Redirect vulnerability in SAP Business Connector (2025-11-11)
GHSA: GHSA-v22q-94v8-95q2: Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim (2025-11-11)