CVE-2025-24868
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2025-24868 is a vulnerability affecting the User Account and Authentication service (UAA) in SAP HANA extended application services, advanced model (SAP HANA XS advanced model). Because redirect URLs are insufficiently validated, an attacker can craft a malicious link that redirects vulnerable systems to malicious sites. This issue can result in limited impact on the system's confidentiality, integrity, and availability. The vulnerability can be exploited by unauthenticated attackers, making it a significant security concern for organizations using SAP HANA XS advanced model.
Affected Products
- SAP HANA
Affected Vendors
- SAP SE