Unauthenticated Link Redirection Vulnerability in SAP E-Recruiting by SAP
CVE-2025-42924

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP S/4hana Landscape (SAP E-recruiting Bsp)
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-42924?

The SAP E-Recruiting component of the SAP S/4HANA landscape contains a vulnerability that enables unauthenticated attackers to create malicious links. When these links are clicked by unsuspecting users, they can be redirected to attacker-controlled pages, posing potential risks to user trust. While the impact on the confidentiality and integrity of the application is considered low, it is crucial to address this vulnerability to maintain security best practices. Organizations using SAP E-Recruiting are advised to implement appropriate security measures to mitigate this threat.

Affected Version(s)

SAP S/4HANA landscape (SAP E-Recruiting BSP) S4ERECRT 100

SAP S/4HANA landscape (SAP E-Recruiting BSP) 200

SAP S/4HANA landscape (SAP E-Recruiting BSP) ERECRUIT 600

References

https://me.sap.com/notes/3642398

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Apr 16, 2025

JSON