← Volver a CVEs
CVE-2025-42893
MEDIUM6.1
Descripcion
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, impacting the confidentiality and integrity of web client data. There is no impact to system availability resulting from this vulnerability.
Detalles CVE
Puntuacion CVSS v3.16.1
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado11/11/2025
Ultima modificacion1/16/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
sap:business_connector
Debilidades (CWE)
CWE-601
Referencias
https://me.sap.com/notes/3662000(cna@sap.com)
https://url.sap/sapsecuritypatchday(cna@sap.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.