Open Redirect in SAP NetWeaver ABAP Enables Malicious Script Execution
CVE-2025-42981 Published on July 8, 2025

Multiple vulnerabilities in SAP NetWeaver Application Server ABAP
Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity.

NVD

Vulnerability Analysis

CVE-2025-42981 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

What is an Open Redirect Vulnerability?

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.

CVE-2025-42981 has been classified to as an Open Redirect vulnerability or weakness.

Products Associated with CVE-2025-42981

Want to know whenever a new CVE is published for SAP Netweaver Application Server Abap? stack.watch will email you.

SAP Netweaver Application Server Abap

Affected Versions

SAP_SE SAP NetWeaver Application Server ABAP:

Version SAP_BASIS 700 is affected.
Version SAP_BASIS 701 is affected.
Version SAP_BASIS 702 is affected.
Version SAP_BASIS 731 is affected.
Version SAP_BASIS 740 is affected.
Version SAP_BASIS 750 is affected.
Version SAP_BASIS 751 is affected.
Version SAP_BASIS 752 is affected.
Version SAP_BASIS 753 is affected.
Version SAP_BASIS 754 is affected.
Version SAP_BASIS 755 is affected.
Version SAP_BASIS 756 is affected.
Version SAP_BASIS 757 is affected.
Version SAP_BASIS 758 is affected.
Version SAP_BASIS 816 is affected.

Exploit Probability

EPSS

0.09%

Percentile

26.15%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.