Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP)

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability.

Basic Information

ID CVE-2025-42924

Source sap

Published Nov 11, 2025 at 00:20

Affected Product

Vendor SAP_SE

Product SAP S/4HANA landscape (SAP E-Recruiting BSP)

Version S4ERECRT 100

Affected Versions SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) S4ERECRT 100
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 200
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) ERECRUIT 600
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 603
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 604
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 605
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 606
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 616
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 617
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 800
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 801
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 802

CWE Classification

CWE-601

References

{
    "lastseen": "",
    "description": "SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability.",
    "published": "2025-11-11T00:20:31.304Z",
    "modified": "2025-11-11T00:20:31.304Z",
    "type": "cve",
    "title": "Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3642398\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42924",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) S4ERECRT 100\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 200\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) ERECRUIT 600\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 603\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 604\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 605\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 606\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 616\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 617\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 800\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 801\nSAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP) 802",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP S/4HANA landscape (SAP E-Recruiting BSP)",
    "version": "S4ERECRT 100",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP)_CVE-2025-42924