CVE-2025-24868

Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services)

CVSS 7.1 HIGHEPSS 0.2%CWE-601

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 fev 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation. On successful exploitation attacker can cause limited impact on confidentiality, integrity, and availability of the system.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Produtos afetados

SAP_SE · SAP HANA extended application services, advanced model (User Account and Authentication Services)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3563929 https://url.sap/sapsecuritypatchday