Reverse Tabnabbing Vulnerability in SAP Fiori Launchpad
CVE-2025-42941

3.5 LOW

Key Information:

Vendor

SAP

CVE Published:
12 August 2025

What is CVE-2025-42941?

SAP Fiori (Launchpad) suffers from a reverse tabnabbing vulnerability due to insufficient protections against external navigation for its link elements. An attacker could exploit this flaw by leveraging compromised or malicious web pages, potentially resulting in unauthorized manipulation of user sessions or the exposure of confidential information. Although administrative user privileges may facilitate exploit configurations, they are not required to carry out the attack. This vulnerability raises significant concerns regarding the confidentiality and integrity of the SAP Fiori system, although system availability remains untouched.
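As an added illustration (not SAP's code or fix), the JavaScript below audits markup for the general weakness class described above: anchors that open a new browsing context without `rel="noopener"`, which leaves the opened page a `window.opener` handle to the launching tab. The helper names and the sample HTML are assumptions constructed for this example.

```javascript
// Added example. Regex parsing is enough for the constructed sample below;
// use a real HTML parser for production markup.
const ANCHOR = /<a(?=[\s>])[^>]*>/gi;
const REL_ATTR = /\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i;
const SAME_CONTEXT = new Set(["", "_self", "_parent", "_top"]);

// Read one attribute value (double-quoted, single-quoted or bare) from a tag.
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Exposed: the link opens a new browsing context (target="_blank" or a named
// target) and rel carries neither noopener nor noreferrer (noreferrer implies
// noopener), so the opened page can reach back through window.opener.
function isExposed(tag) {
  const target = (attr(tag, "target") || "").toLowerCase();
  if (SAME_CONTEXT.has(target)) return false;
  const rel = (attr(tag, "rel") || "").toLowerCase().split(/\s+/);
  return !rel.includes("noopener") && !rel.includes("noreferrer");
}

// Return the opening tags of every exposed anchor in the markup.
function findExposed(html) {
  return (html.match(ANCHOR) || []).filter(isExposed);
}

// Rewrite exposed anchors, keeping any rel tokens already present.
function harden(html) {
  return html.replace(ANCHOR, (tag) => {
    if (!isExposed(tag)) return tag;
    const tokens = new Set((attr(tag, "rel") || "").split(/\s+/).filter(Boolean));
    tokens.add("noopener").add("noreferrer");
    const rel = ` rel="${[...tokens].join(" ")}"`;
    return REL_ATTR.test(tag)
      ? tag.replace(REL_ATTR, () => rel)
      : tag.replace(/\s*\/?>$/, () => `${rel}>`);
  });
}

// Constructed sample markup (hypothetical hosts, not taken from SAP Fiori).
const SAMPLE = [
  '<a href="https://partner.example/report" target="_blank">Report</a>',
  '<a href="https://partner.example/help" target="_blank" rel="noopener">Help</a>',
  '<a href="/local/tile">Tile</a>',
  "<a href='https://partner.example/wiki' target=_blank rel='nofollow'>Wiki</a>",
].join("\n");
console.log(findExposed(SAMPLE), "\n" + harden(SAMPLE));
```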

Affected Version(s)

SAP Fiori (Launchpad) SAP_UI 754

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
