CVE-2025-24868 HIGH

CVE-2025-24868: Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services)

Vendor Sap_Se
Product SAP HANA extended application services, advanced model (User Account and Authentication Services)
Weakness CWE-601 · Open redirect
Published February 11, 2025
Last update February 11, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

Description

The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link that, when clicked by a victim, redirects the browser to an attacker-controlled site, because the service does not sufficiently validate the redirect URL. On successful exploitation, the attacker can cause limited impact on the confidentiality, integrity, and availability of the system.
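The defect class here is CWE-601: the redirect target is accepted on an insufficient check rather than compared against an allowlist. The following is an added illustration, not SAP's or UAA's code; it places the kind of check that is insufficient (a string-prefix test on the trusted origin) beside a strict allowlist comparison, using a constructed registered redirect URI and hypothetical client setup.

```python
"""Redirect-URL validation: a weak prefix test beside a strict allowlist check.

Added illustration, not SAP's or UAA's code. Assumes an OAuth-style flow in
which each client registers its redirect URIs in advance (constructed below).
"""
from urllib.parse import urlsplit

# Constructed sample: redirect URIs a hypothetical client registered.
REGISTERED = ("https://app.example.com/callback",)


def weak_is_allowed(redirect_uri: str) -> bool:
    """'Same site' implemented as a string prefix on the registered origin.

    This is the shape of check that produces CWE-601: any string that merely
    begins with the trusted origin passes, including URLs for other hosts.
    """
    origins = (f"{urlsplit(r).scheme}://{urlsplit(r).netloc}" for r in REGISTERED)
    return any(redirect_uri.startswith(o) for o in origins)


def _normalize(uri: str):
    """Parse a redirect URI into comparable parts, or None if it is unacceptable."""
    if any(c in uri for c in "\\\r\n\t\x00"):  # browsers treat '\' like '/'
        return None
    p = urlsplit(uri)
    if p.scheme != "https" or p.username is not None or p.fragment:
        return None  # relative/protocol-relative URLs, userinfo tricks, fragments
    try:
        port = p.port or 443  # p.port raises ValueError on a malformed port
    except ValueError:
        return None
    if not p.hostname:
        return None
    return (p.hostname.lower(), port, p.path or "/", p.query)


def strict_is_allowed(redirect_uri: str) -> bool:
    """Exact match of scheme, host, port, path and query against the allowlist."""
    target = _normalize(redirect_uri)
    return target is not None and target in {_normalize(r) for r in REGISTERED}


if __name__ == "__main__":
    for uri in ("https://app.example.com/callback",
                "https://app.example.com.evil.test/callback",
                "https://app.example.com@evil.test/callback",
                "//evil.test/callback"):
        print(f"{uri:45} weak={weak_is_allowed(uri)!s:5} strict={strict_is_allowed(uri)}")
```

Only the registered URI passes the strict check; the prefix test also accepts the two look-alike hosts, which is exactly the behaviour a fix for this class of bug must remove.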

Key dates

Disclosure timeline

February 11, 2025 CVE published
February 11, 2025 Record updated