CVE-2025-42981 — Open Redirect in SE SAP NetWeaver Application Server ABAP
Severity
6.1 MEDIUM (NVD)
EPSS
0.1%
top 66.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jul 8
Description
Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7