SAP E-Recruiting BSP URL Redirection (CWE-601) in S/4HANA
CVE-2025-42924 Published on November 11, 2025
Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP)
SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability.
Vulnerability Analysis
CVE-2025-42924 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an Open Redirect Vulnerability?
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.
CVE-2025-42924 has been classified to as an Open Redirect vulnerability or weakness.
Products Associated with CVE-2025-42924
Want to know whenever a new CVE is published for SAP S4hana? stack.watch will email you.
Affected Versions
SAP_SE SAP S/4HANA landscape (SAP E-Recruiting BSP):- Version S4ERECRT 100 is affected.
- Version 200 is affected.
- Version ERECRUIT 600 is affected.
- Version 603 is affected.
- Version 604 is affected.
- Version 605 is affected.
- Version 606 is affected.
- Version 616 is affected.
- Version 617 is affected.
- Version 800 is affected.
- Version 801 is affected.
- Version 802 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.