216.73.217.80

CVE-2025-42941

· Published 12/08/2025 03:15 · Modified 12/08/2025 14:25

Labels: CVE-2025-42941 2025-08-12CVE-2025-42941CWE-1022[email protected]

Essential information

Published
12/08/2025 03:15
Modified
12/08/2025 14:25
Author
Creator
CVSS
3.5 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

CVSS metrics

Description

SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary for certain configurations, the attacker does not need the administrative privileges to execute the attack. This could result in unintended manipulation of user sessions or exposure of sensitive information. The issue impacts the confidentiality and integrity of the system, but the availability remains unaffected.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sap / sap fiori cpe:2.3:a:sap:sap_fiori:*:*:*:*:*:*:*:*

References