CVE 3.5 LOW

Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)_CVE-2025-42941

August 11, 2025 invoker category_cve

3.5 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Description

SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary for certain configurations, the attacker does not need the administrative privileges to execute the attack. This could result in unintended manipulation of user sessions or exposure of sensitive information. The issue impacts the confidentiality and integrity of the system, but the availability remains unaffected.

AI Analysis

SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing due to inadequate external navigation protections in link elements, potentially leading to session manipulation or data exposure.

Basic Information

ID CVE-2025-42941

Source sap

Published Aug 12, 2025 at 02:05

Affected Product

Vendor SAP_SE

Product SAP Fiori (Launchpad)

Version SAP_UI 754

Affected Versions SAP_SE SAP Fiori (Launchpad) SAP_UI 754

CWE Classification

CWE-1022

AI Assessment

AI Score 3.5 / 10

AI Severity LOW

Vendor SAP

Product SAP Fiori (Launchpad)

Version SAP_UI 754

References

{
    "lastseen": "",
    "description": "SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary for certain configurations, the attacker does not need the administrative privileges to execute the attack. This could result in unintended manipulation of user sessions or exposure of sensitive information. The issue impacts the confidentiality and integrity of the system, but the availability remains unaffected.",
    "published": "2025-08-12T02:05:27.846Z",
    "modified": "2025-08-12T02:05:27.846Z",
    "type": "cve",
    "title": "Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3624943\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42941",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1022"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Fiori (Launchpad) SAP_UI 754",
    "sourceHref": "",
    "cvss": {
        "score": 3.5,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Fiori (Launchpad)",
    "version": "SAP_UI 754",
    "vendor": "SAP_SE",
    "ai_description": "SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing due to inadequate external navigation protections in link elements, potentially leading to session manipulation or data exposure.",
    "ai_severity": "LOW",
    "ai_vendor": "SAP",
    "ai_product": "SAP Fiori (Launchpad)",
    "ai_version": "SAP_UI 754",
    "ai_score": 3.5
}

💭 Join the Security Discussion ❌ Cancel Reply