Cyber Posture

CVE-2025-24868

High

Published: 11 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS Score: 0.0006 (20.0th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

Security Summary

CVE-2025-24868 is an open redirect vulnerability (CWE-601) affecting the User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model). The issue arises from insufficient validation of redirect URLs, allowing an unauthenticated attacker to manipulate browser redirects. It carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) and was published on 2025-02-11.

An unauthenticated attacker can exploit this vulnerability by crafting a malicious link that, when clicked by a victim, redirects the victim's browser to a malicious site. Successful exploitation results in limited impact on the confidentiality, integrity, and availability of the system.
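The following is an added illustration of the weakness class described above (CWE-601, insufficient validation of a redirect target) and of the kind of check that closes it. It is not SAP's UAA code and says nothing about how the affected component actually validates redirects; the allowlist, the default landing path and the sample targets are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist and fallback path for this example (not SAP configuration).
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_TARGET = "/home"


def weak_is_safe_redirect(target: str) -> bool:
    """Insufficient check of the kind behind many open redirects.

    Accepting anything that starts with '/' looks like 'relative path only',
    but a protocol-relative value such as '//other.example/x' also starts
    with '/', and the browser resolves it to a different origin.
    """
    return target.startswith("/")


def safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return `target` if it stays on an allowed origin, else DEFAULT_TARGET.

    Accepted:
      - a relative path such as '/dashboard' (no scheme, no authority)
      - an absolute http(s) URL whose host is on the allowlist
    Rejected (fall back to DEFAULT_TARGET):
      - protocol-relative URLs ('//host/...'); urlsplit reports a netloc for them
      - backslashes and CR/LF, which some browsers normalise or which break headers
      - any non-http(s) scheme
      - absolute URLs whose host is not on the allowlist
    """
    if not target or "\\" in target or "\r" in target or "\n" in target:
        return DEFAULT_TARGET
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Plain relative path. '//' and '///' prefixes are treated as
        # scheme-relative by browsers, so require exactly one leading '/'.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return DEFAULT_TARGET
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return target
    return DEFAULT_TARGET


def compare(target: str) -> dict:
    """Show the weak and the hardened decision side by side for one value."""
    return {
        "target": target,
        "weak_accepts": weak_is_safe_redirect(target),
        "hardened_result": safe_redirect_target(target),
    }


if __name__ == "__main__":
    # Constructed sample redirect parameters as they might arrive in a request.
    for candidate in [
        "/dashboard",
        "https://app.example.com/cb?x=1",
        "https://other.example/landing",
        "//other.example/landing",
        "javascript:void(0)",
    ]:
        print(compare(candidate))
```

The point of the side-by-side is the protocol-relative case: the prefix check accepts it, the parsed check does not. A validator that compares the parsed host against an allowlist, and otherwise falls back to a fixed internal path, removes the attacker's control over where the victim's browser ends up.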

SAP has released security note 3563929 at https://me.sap.com/notes/3563929 addressing this vulnerability, as part of the SAP Security Patch Day detailed at https://url.sap/sapsecuritypatchday. Security practitioners should consult these resources for patch deployment and mitigation guidance.

Details

CWE(s)
CWE-601

MITRE ATT&CK Enterprise Techniques

T1566.002 Spearphishing Link (Initial Access)
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Why these techniques?

Open redirect allows crafting malicious links that redirect victims to attacker sites when clicked, directly enabling spearphishing link attacks.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References