CVE-2025-42981

{"id": "CVE-2025-42981", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-07-08T01:15:25.427", "references": [{"url": "https://me.sap.com/notes/3617131", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity."}, {"lang": "es", "value": "Debido a una vulnerabilidad de redirecci\u00f3n abierta en SAP NetWeaver Application Server ABAP, un atacante no autenticado podr\u00eda manipular un enlace URL que incruste un script malicioso en una ubicaci\u00f3n no depura correctamente. Cuando una v\u00edctima hace clic en este enlace, el script se ejecuta en su navegador, redirigi\u00e9ndola a un sitio web controlado por el atacante. Esto le permite acceder o modificar informaci\u00f3n restringida del cliente web. Si bien la vulnerabilidad no afecta la disponibilidad de los datos, s\u00ed representa un riesgo considerable para la confidencialidad e integridad."}], "lastModified": "2025-07-08T16:18:14.207", "sourceIdentifier": "cna@sap.com"}