CVE-2025-42981: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

An open redirect vulnerability (CVE-2025-42981) was discovered in SAP NetWeaver Application Server ABAP. The vulnerability allows an unauthenticated attacker to craft a URL link embedding a malicious script at a location not properly sanitized. This vulnerability was disclosed on July 7, 2025, and affects SAP NetWeaver Application Server ABAP systems (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-601 (URL Redirection to Untrusted Site). When exploited, the script executes within the victim's browser, redirecting them to a site controlled by the attacker (NVD, GBHackers).

The vulnerability affects the confidentiality and integrity of web client information, while posing no impact on data availability. When successfully exploited, it allows attackers to access and/or modify restricted information related to the web client (NVD).

SAP has released security patches as part of their July 2025 Security Patch Day. Organizations are strongly recommended to apply these security updates immediately to protect their SAP landscape from potential security breaches (Cybersecurity News).