CVE-2025-42941

Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)

CVSS 3.5 LOW | EPSS 0.2% | CWE-1022

In short

SAP Fiori Launchpad has a vulnerability where links to external websites can be manipulated to redirect users back to a fake login page that steals their session information. An attacker with administrative access can set up these malicious links, potentially compromising user accounts.

Technical detail

SAP Fiori Launchpad is vulnerable to reverse tabnabbing because its external navigation links lack referrer policy and window.opener protections. An attacker with administrative privileges can inject malicious links that, when clicked by users, allow the attacker to control the original tab and capture session tokens or credentials, affecting confidentiality and integrity.

Summary generated and translated by AI from the official description.
SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary for certain configurations, the attacker does not need the administrative privileges to execute the attack. This could result in unintended manipulation of user sessions or exposure of sensitive information. The issue impacts the confidentiality and integrity of the system, but the availability remains unaffected.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
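
The missing window.opener and referrer protections described under "Technical detail" can be checked for in link markup. The following is an added example, not SAP code or part of the official description: it flags external `<a>` elements that open a new browsing context without `rel="noopener"` / `rel="noreferrer"` and produces the corrected `rel` value. The function names, the `fiori.example` origin and the sample markup are assumptions constructed for illustration.

```javascript
// Added example (not SAP code): audit <a> tags for reverse-tabnabbing exposure.
// Regex scan for reviewing exported link markup; not a full HTML parser.
function parseAttrs(body) {
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const attrs = {};
  for (const m of body.matchAll(re)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  return attrs;
}

// External = http(s) URL whose origin differs from the application's own origin.
function isExternal(href, appOrigin) {
  try {
    const u = new URL(href, appOrigin);
    return /^https?:$/.test(u.protocol) && u.origin !== appOrigin;
  } catch { return false; } // unparsable href
}

// Returns one finding per external link that opens a new browsing context
// (target="_blank" or a named target) without opener/referrer protection.
function auditLinks(html, appOrigin) {
  const findings = [];
  for (const [tag] of html.matchAll(/<a(?=[\s>])[^>]*>/gi)) {
    const a = parseAttrs(tag.slice(2, -1));
    const target = (a.target || "").toLowerCase();
    const newContext = target !== "" && !["_self", "_parent", "_top"].includes(target);
    if (!a.href || !newContext || !isExternal(a.href, appOrigin)) continue;
    const rel = new Set((a.rel || "").toLowerCase().split(/\s+/).filter(Boolean));
    const missing = [];
    // Per the HTML spec, rel="noreferrer" also implies noopener.
    if (!rel.has("noopener") && !rel.has("noreferrer")) missing.push("noopener");
    // Simplification: any explicit referrerpolicy attribute counts as a set policy.
    if (!rel.has("noreferrer") && !("referrerpolicy" in a)) missing.push("noreferrer");
    if (missing.length) findings.push({ href: a.href, missing });
  }
  return findings;
}

// Corrected rel value: keeps existing tokens, adds both protections.
function hardenRel(rel) {
  const tokens = new Set((rel || "").toLowerCase().split(/\s+/).filter(Boolean));
  tokens.add("noopener").add("noreferrer");
  return [...tokens].join(" ");
}

// Constructed sample markup, not taken from a real Launchpad.
const SAMPLE = `<a href="#home">Home</a>
<a href="https://partner.example/portal" target="_blank">Partner portal</a>
<a href="https://docs.example/help" target="_blank" rel="noopener noreferrer">Help</a>
<a href='https://news.example/' target=_blank rel="nofollow noopener">News</a>
<a href="/app/reports" target="_blank">Same origin</a>`;
console.log(auditLinks(SAMPLE, "https://fiori.example"));
```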
