CVE-2025-42924
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-11-12

Assigner: SAP SE

Description
SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-11
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-42924
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap sap_e-recruiting *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the SAP S/4HANA landscape SAP E-Recruiting BSP, where an unauthenticated attacker can create malicious links. If a victim clicks on such a link, they could be redirected to a page controlled by the attacker. This vulnerability has a low impact on the confidentiality and integrity of the application and does not affect availability.

Impact Analysis

The impact of this vulnerability is that an attacker can redirect users to malicious pages, potentially leading to phishing or other social engineering attacks. However, it has only a low impact on the confidentiality and integrity of the application and no impact on its availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-42924. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart