CVE-2025-42893 MEDIUM

CVE-2025-42893: Open Redirect vulnerability in SAP Business Connector

Vendor Sap_Se

Product SAP Business Connector

Weakness CWE-601 · Open redirect

Published November 11, 2025

Last update November 12, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, impacting the confidentiality and integrity of web client data. There is no impact to system availability resulting from this vulnerability.

Key dates

02Disclosure timeline

November 11, 2025 CVE published

November 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-42893 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

CVE-2025-42893: Open Redirect vulnerability in SAP Business Connector

01Description

02Disclosure timeline

03References

04Related CVE