Cyber Posture

CVE-2025-24868

Severity: High
Published: 11 February 2025
Modified: 15 April 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: SAP security note 3563929
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS Score: 0.0006 (20.1st percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24868 is a high-severity Open Redirect (CWE-601) vulnerability in SAP (vendor inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002). It is ranked at the 20.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Spearphishing Link (T1566.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly requires validation of redirect URL inputs to prevent manipulation leading to open redirects in the UAA service.

SI-2 Flaw Remediation (prevent): Mandates timely remediation of the specific flaw in SAP HANA UAA redirect validation via patching as per SAP note 3563929.

Output filtering (prevent): Provides output filtering to sanitize or restrict malicious redirect URLs before transmission to victims' browsers.
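As an added illustration of the input-validation control above (example code written for this page; it is not SAP code and does not reproduce the actual UAA fix, which the page does not detail), the following Python validator accepts a redirect target only if it is a same-site path or an absolute http(s) URL whose host is on an explicit allowlist, and falls back to a safe default otherwise. The allowlisted hosts and the sample inputs are constructed. It handles the usual parser-confusion cases that make naive "starts with /" or "contains our domain" checks fail: protocol-relative `//host`, backslashes, userinfo tricks and lookalike subdomains.

```python
"""
Deny-by-default redirect target validation (NIST SP 800-53 SI-10 in practice).
Added example; constructed allowlist and sample data, not SAP/UAA code.
"""
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this service may redirect to.
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}
SAFE_DEFAULT = "/"


def safe_redirect(target, allowed_hosts=ALLOWED_HOSTS, default=SAFE_DEFAULT):
    """Return `target` if it is a safe redirect destination, else `default`.

    Rules:
      * Backslashes are rejected: browsers treat "/\\host" like "//host",
        while URL parsers see a plain path.
      * Whitespace and control characters are rejected (header injection,
        parser disagreement).
      * A relative target must start with exactly one "/"; "//host" is a
        protocol-relative absolute URL and is rejected.
      * An absolute target must be http or https, carry no userinfo
        ("https://good@evil"), and have a host on the allowlist
        (compared case-insensitively, exact match only).
    """
    if not isinstance(target, str) or not target:
        return default
    if "\\" in target or any(ord(c) < 0x21 for c in target):
        return default

    parts = urlsplit(target)

    # Relative path: no scheme, no authority, single leading slash.
    if not parts.scheme and not parts.netloc:
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default

    # Absolute URL: scheme, absence of userinfo and host must all pass.
    if parts.scheme.lower() not in ("http", "https"):
        return default
    if parts.username is not None or parts.password is not None:
        return default
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return default
    return target


def demo():
    """Run constructed sample inputs through the validator."""
    samples = [
        "/dashboard?next=1",                            # local path: allowed
        "https://app.example.com/dashboard",            # allowlisted host: allowed
        "https://APP.Example.com/",                     # host match is case-insensitive
        "//evil.example/phish",                         # protocol-relative: rejected
        "/\\evil.example",                              # backslash confusion: rejected
        "https://login.example.com@evil.example/",      # userinfo trick: rejected
        "https://app.example.com.evil.example/",        # lookalike subdomain: rejected
        "https:evil.example",                           # scheme without authority: rejected
        "javascript:alert(1)",                          # non-http scheme: rejected
        "https://evil.example/?from=app.example.com",   # allowlisted name only in query: rejected
        "/login\r\nX-Injected: 1",                      # control characters: rejected
        "",                                             # empty: default
    ]
    return {s: safe_redirect(s) for s in samples}


if __name__ == "__main__":
    for target, result in demo().items():
        print(repr(target), "->", repr(result))
```

The important design choice is that the allowlist is matched against the parsed hostname, never by substring search on the raw string, and that anything the parser cannot classify as a plain local path or an allowlisted absolute URL is replaced rather than passed through.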

MITRE ATT&CK Enterprise Techniques

T1566.002 Spearphishing Link (Initial Access): Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

Why these techniques?

Open redirect allows crafting malicious links that redirect victims to attacker sites when clicked, directly enabling spearphishing link attacks.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation. On successful exploitation, an attacker can cause limited impact on confidentiality, integrity, and availability of the system.

Deeper analysis

CVE-2025-24868 is an open redirect vulnerability (CWE-601) affecting the User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model). The issue arises from insufficient validation of redirect URLs, allowing an unauthenticated attacker to manipulate browser redirects. It carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) and was published on 2025-02-11.

An unauthenticated attacker can exploit this vulnerability by crafting a malicious link that, when clicked by a victim, redirects the victim's browser to a malicious site. Successful exploitation results in limited impact on the confidentiality, integrity, and availability of the system.

SAP has released security note 3563929 at https://me.sap.com/notes/3563929 addressing this vulnerability, as part of the SAP Security Patch Day detailed at https://url.sap/sapsecuritypatchday. Security practitioners should consult these resources for patch deployment and mitigation guidance.

Details

CWE(s): CWE-601 (Open Redirect)

Affected Products: SAP (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2025-24381 (shared CWE-601)
CVE-2024-57241 (shared CWE-601)
CVE-2025-24180 (shared CWE-601)
CVE-2026-28512 (shared CWE-601)
CVE-2025-0244 (shared CWE-601)
CVE-2026-33102 (shared CWE-601)
CVE-2024-51321 (shared CWE-601)
CVE-2025-55031 (shared CWE-601)
CVE-2025-23363 (shared CWE-601)
CVE-2026-34931 (shared CWE-601)

References