
Description

SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links; when a victim clicks such a link, they could be redirected to a page controlled by the attacker. This has low impact on the confidentiality and integrity of the application, with no impact on availability.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-11 | Updated 2025-11-12 | Assigner sap




MEDIUM: 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-601: URL Redirection to Untrusted Site

Product status

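Default status: unaffected

S4ERECRT 100: affected
S4ERECRT 200: affected

ERECRUIT 600: affected
ERECRUIT 603: affected
ERECRUIT 604: affected
ERECRUIT 605: affected
ERECRUIT 606: affected
ERECRUIT 616: affected
ERECRUIT 617: affected
ERECRUIT 800: affected
ERECRUIT 801: affected
ERECRUIT 802: affected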

References

me.sap.com/notes/3642398

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42924)

nvd.nist.gov (CVE-2025-42924)
