Skip to main content

CVE-2025-42941: CWE-1022: Use of Web Link to Untrusted Target with window.opener Access in SAP_SE SAP Fiori (Launchpad)

Low
VulnerabilityCVE-2025-42941cvecve-2025-42941cwe-1022
Published: Tue Aug 12 2025 (08/12/2025, 02:05:27 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAP Fiori (Launchpad)

Description

SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary for certain configurations, the attacker does not need the administrative privileges to execute the attack. This could result in unintended manipulation of user sessions or exposure of sensitive information. The issue impacts the confidentiality and integrity of the system, but the availability remains unaffected.

AI-Powered Analysis

AILast updated: 08/12/2025, 02:51:43 UTC

Technical Analysis

CVE-2025-42941 is a security vulnerability identified in SAP Fiori Launchpad, specifically affecting SAP_UI version 754. The vulnerability is categorized under CWE-1022, which relates to the use of web links to untrusted targets with window.opener access, commonly known as a Reverse Tabnabbing vulnerability. This issue arises due to insufficient protections on external navigation links (<a> elements) within the SAP Fiori Launchpad interface. When a user clicks a link that opens a new tab or window, the newly opened page can manipulate the original page via the window.opener property if proper safeguards are not implemented. In this case, an attacker with administrative privileges can craft or leverage malicious or compromised pages to exploit this vulnerability. Notably, while administrative privileges are required to configure or introduce such malicious links, the actual exploitation does not require the victim user to have administrative rights. The attack could lead to unintended manipulation of user sessions or exposure of sensitive information, impacting the confidentiality and integrity of the system. However, the availability of the system remains unaffected. The CVSS v3.1 base score is 3.5, indicating a low severity level, reflecting the need for administrative privileges and user interaction to exploit the vulnerability, as well as the limited impact on availability. No known exploits are currently reported in the wild, and no patches have been linked yet.

Potential Impact

For European organizations using SAP Fiori Launchpad (SAP_UI 754), this vulnerability poses a risk primarily to the confidentiality and integrity of sensitive business data and user sessions. Given SAP's widespread adoption across various industries in Europe, including manufacturing, finance, and public sector entities, exploitation could lead to unauthorized access or manipulation of critical business processes. The requirement for administrative privileges to set up malicious links limits the attack surface to insider threats or attackers who have already gained elevated access. However, once exploited, normal users could be targeted through crafted links, potentially leading to session hijacking or data leakage. The impact is particularly significant for organizations with complex SAP landscapes and multiple users accessing the Fiori Launchpad, as it could undermine trust in the system's security and lead to compliance issues under GDPR if personal data is exposed. Availability is not impacted, so operational disruptions are unlikely, but the breach of confidentiality and integrity could have regulatory and reputational consequences.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should implement the following specific measures: 1) Review and restrict administrative privileges to minimize the number of users who can configure or introduce external links in SAP Fiori Launchpad. 2) Apply strict input validation and sanitization on all external links to ensure they include the rel="noopener noreferrer" attribute, which prevents the window.opener property from being accessible to the linked page, thereby mitigating Reverse Tabnabbing risks. 3) Conduct regular security audits and code reviews of custom SAP Fiori applications and configurations to detect and remediate unsafe link usage. 4) Educate users about the risks of clicking on external links within the SAP environment, especially those that open new tabs or windows. 5) Monitor SAP system logs for unusual administrative activities related to link configurations. 6) Stay updated with SAP security advisories and apply patches or updates as soon as they become available. 7) Consider deploying web application firewalls (WAF) with rules to detect and block suspicious link manipulations or redirections within SAP web interfaces.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
sap
Date Reserved
2025-04-16T13:25:34.582Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 689aa7d2ad5a09ad002be762

Added to database: 8/12/2025, 2:32:50 AM

Last enriched: 8/12/2025, 2:51:43 AM

Last updated: 8/19/2025, 12:34:30 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats