CVE-2025-42924 MEDIUM

CVE-2025-42924: Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP)

Vendor SAP SE
Product SAP S/4HANA landscape (SAP E-Recruiting BSP)
Weakness CWE-601 · Open redirect
Published November 11, 2025
Last update November 12, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

SAP E-Recruiting BSP in the SAP S/4HANA landscape allows an unauthenticated attacker to craft malicious links that, when clicked, could redirect the victim to a page controlled by the attacker. This has a low impact on the confidentiality and integrity of the application, with no impact on availability.

Key dates

02 Disclosure timeline

November 11, 2025 CVE published
November 12, 2025 Record updated