Cyber Resilience

CVE-2025-24868

High

Published: 11 February 2025

Published: 11 February 2025
Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0006 20.4th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24868 is a high-severity Open Redirect (CWE-601) vulnerability in Sap (inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002); ranked at the 20.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24868 is an open redirect vulnerability (CWE-601) affecting the User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model). The issue arises from insufficient validation of redirect URLs, allowing an unauthenticated attacker to manipulate browser redirects. It carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) and was published on 2025-02-11.

An unauthenticated attacker can exploit this vulnerability by crafting a malicious link that, when clicked by a victim, redirects the victim's browser to a malicious site. Successful exploitation results in limited impact on the confidentiality, integrity, and availability of the system.

SAP has released security note 3563929 at https://me.sap.com/notes/3563929 addressing this vulnerability, as part of the SAP Security Patch Day detailed at https://url.sap/sapsecuritypatchday. Security practitioners should consult these resources for patch deployment and mitigation guidance.

EU & UK References

Vulnerability details

The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation. On successful exploitation, the attacker can cause limited impact on the confidentiality, integrity, and availability of the system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1566.002 Spearphishing Link Initial Access
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Why these techniques?

Open redirect allows crafting malicious links that redirect victims to attacker sites when clicked, directly enabling spearphishing link attacks.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-57241 (shared CWE-601)
CVE-2024-13888 (shared CWE-601)
CVE-2025-24381 (shared CWE-601)
CVE-2025-0244 (shared CWE-601)
CVE-2020-36912 (shared CWE-601)
CVE-2026-7504 (shared CWE-601)
CVE-2026-34931 (shared CWE-601)
CVE-2026-29067 (shared CWE-601)
CVE-2024-51321 (shared CWE-601)
CVE-2026-28512 (shared CWE-601)

Affected Assets

Sap
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: SI-10 (Information Input Validation)

Directly requires validation of redirect URL inputs to prevent manipulation leading to open redirects in the UAA service.

prevent: SI-2 (Flaw Remediation)

Mandates timely remediation of the specific flaw in SAP HANA UAA redirect validation via patching as per SAP note 3563929.

prevent

Provides output filtering to sanitize or restrict malicious redirect URLs before transmission to victims' browsers.
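The input-validation control above (SI-10) is the generic fix for CWE-601: a redirect target supplied by the client must be checked against an allow-list before it is placed in a Location header. The following is an added example of such a check, written here as illustration; it is not SAP's UAA code and not taken from SAP note 3563929. The allow-listed host `app.example.com` and the sample URLs are constructed for the example. It also covers the common bypass shapes a validator has to reject (protocol-relative `//host`, userinfo `host@evil`, backslashes that browsers treat as slashes, non-HTTP schemes, and leading control characters), which the page does not spell out.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the only external origins a redirect may point to.
ALLOWED_HOSTS = frozenset({"app.example.com"})


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-origin absolute path or an
    http(s) URL whose host is on the allow-list.

    Run this on the exact string that will be emitted in the Location
    header (after any percent-decoding the framework applies), not on a
    copy that is normalised differently from what the browser sees."""
    if not target:
        return False

    # Leading control characters and spaces are stripped by some URL parsers
    # (and by browsers), which can hide a scheme or host from a naive check.
    if any(ord(ch) <= 0x20 for ch in target):
        return False

    # Browsers treat "\" as "/" in the scheme-relative position, so
    # "/\evil.example" becomes "//evil.example". Reject rather than normalise.
    if "\\" in target:
        return False

    parts = urlsplit(target)

    if parts.scheme:
        # Absolute URL: only http/https, no userinfo, host must be allow-listed.
        if parts.scheme.lower() not in ("http", "https"):
            return False  # javascript:, data:, etc.
        if not parts.netloc:
            return False  # "https:///path" style oddities
        if parts.username is not None or parts.password is not None:
            return False  # "https://app.example.com@evil.example/"
        host = (parts.hostname or "").lower()
        # Exact match only: a suffix check would accept app.example.com.evil.example
        return host in allowed_hosts

    # No scheme: must be a path on this origin. A protocol-relative
    # "//evil.example" parses with an empty scheme but a netloc.
    if parts.netloc:
        return False
    return target.startswith("/") and not target.startswith("//")


def resolve_redirect(target: str, default: str = "/") -> str:
    """Pick the redirect to emit: the requested target if it validates,
    otherwise a fixed safe default. Never echo the rejected value."""
    return target if is_safe_redirect(target) else default


if __name__ == "__main__":
    # Constructed sample inputs exercising the accepted and rejected shapes.
    samples = [
        "/dashboard",
        "https://app.example.com/login?next=/x",
        "//evil.example/",
        "/\\evil.example",
        "https://app.example.com@evil.example/",
        "javascript:alert(1)",
        "https://app.example.com.evil.example/",
        "\t//evil.example",
    ]
    for s in samples:
        print(f"{s!r:45} -> {resolve_redirect(s)}")
```

The allow-list is an exact host match rather than a suffix or prefix test, and the fallback on rejection is a fixed path so that a rejected value is never reflected back into the response.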

References