Open Redirect in SAP SE SAP S/4HANA Landscape (SAP E-Recruiting BSP)
CVE-2025-42924
SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links that, when clicked, could redirect the victim to a page controlled by the attacker. This has low impact on confidentiality and integrit…
Vulnerability class: Open Redirect
EPSS: 0.002 (8.1th percentile)
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- SAP SE SAP S/4HANA Landscape (SAP E-Recruiting BSP): versions S4ERECRT 100, 200, ERECRUIT 600
Frequently asked questions
- What is CVE-2025-42924?
  - CVE-2025-42924 is a medium-severity vulnerability in SAP SE SAP S/4HANA Landscape (SAP E-Recruiting BSP), classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.1/10. Published 2025-11-11.
- How severe is CVE-2025-42924?
  - Medium severity. CVSS v3 base score is 6.1 out of 10.