CVE-2025-42941 LOW

CVE-2025-42941: Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)

Vendor Sap_Se
Product SAP Fiori (Launchpad)
Weakness CWE-1022
Published August 12, 2025
Last update August 12, 2025

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary for certain configurations, the attacker does not need administrative privileges to execute the attack. This could result in unintended manipulation of user sessions or exposure of sensitive information. The issue impacts the confidentiality and integrity of the system, but availability remains unaffected.
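
A defensive check for the weakness described above (CWE-1022), as an added example that is not SAP's code and not part of the original record: it flags <a> tags that open a new browsing context without rel="noopener" or rel="noreferrer", and rewrites them with both tokens. The function names and the sample markup are constructed for illustration.

```javascript
// Added example (not SAP code): find and fix <a> tags exposed to reverse tabnabbing.
// Regex tag matching is enough for an audit pass; it assumes no ">" inside attribute values.
const ANCHOR = /<a(?=[\s>\/])[^>]*>/gi;

function parseAttrs(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tag.replace(/^<a/i, "").replace(/>$/, "");
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

function relTokens(attrs) {
  return (attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean);
}

// Exposed: opens a new browsing context and rel has neither noopener nor noreferrer.
function isExposed(attrs) {
  const target = (attrs.target || "").toLowerCase();
  const newContext = target !== "" && !["_self", "_parent", "_top"].includes(target);
  const rel = relTokens(attrs);
  return newContext && !rel.includes("noopener") && !rel.includes("noreferrer");
}

// Returns the href of every exposed link found in the markup.
function auditLinks(html) {
  return (html.match(ANCHOR) || []).map(parseAttrs).filter(isExposed).map((a) => a.href || "");
}

// Rewrites exposed links, keeping any existing rel tokens and appending the protective ones.
function hardenLinks(html) {
  return html.replace(ANCHOR, (tag) => {
    const attrs = parseAttrs(tag);
    if (!isExposed(attrs)) return tag;
    const rel = [...relTokens(attrs), "noopener", "noreferrer"].join(" ");
    const stripped = tag.replace(/\srel\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/i, "");
    return stripped.replace(/>$/, ` rel="${rel}">`);
  });
}

// Constructed sample markup, not taken from any SAP product.
const SAMPLE = `
<a href="https://partner.example/app" target="_blank">Partner tile</a>
<a href="https://docs.example/help" target="_blank" rel="noopener noreferrer">Help</a>
<a href="/local/page">Same tab</a>
<a href='https://ext.example/x' target=_blank rel="nofollow">Ext</a>`;
console.log(auditLinks(SAMPLE));
```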

Key dates

02 Disclosure timeline

August 12, 2025 CVE published
August 12, 2025 Record updated