CVE-2025-42924

Summary

SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)S4ERECRT 100affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)200affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)ERECRUIT 600affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)603affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)604affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)605affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)606affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)616affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)617affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)800affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)801affected
SAP_SESAP S/4HANA landscape (SAP E-Recruiting BSP)802affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References