Skip to main content

Open Redirect CVE-2025-42985

| EUVD-2025-20331 MEDIUM
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2025-07-08 cna@sap.com
Open Redirect SAP
6.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 04:21 euvd
EUVD-2025-20331
Analysis Generated
Mar 16, 2026 - 04:21 vuln.today
CVE Published
Jul 08, 2025 - 01:15 nvd
MEDIUM 6.1

DescriptionNVD

Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.

Analysis

Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.

Technical ContextAI

An open redirect vulnerability allows attackers to redirect users from a trusted domain to an arbitrary external URL through manipulation of redirect parameters. This vulnerability is classified as URL Redirection to Untrusted Site (Open Redirect) (CWE-601).

RemediationAI

Validate redirect URLs against a whitelist of allowed destinations. Use relative URLs for redirects. Warn users before redirecting to external sites.

Share

CVE-2025-42985 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy