SAP S/4HANA Vulnerability (CVE-2025-42957) Under Active Exploitation

A critical SAP S/4HANA vulnerability (CVE-2025-42957, CVSS 9.9) is under active exploitation, allowing attackers to fully compromise systems.

A critical security flaw in SAP S/4HANA (CVE-2025-42957, CVSS score 9.9) is now under active exploitation, exposing enterprise environments to full system compromise if left unpatched.

The flaw was addressed in SAP’s latest monthly update, but attackers are already exploiting systems that have not yet been patched.

Vulnerability Details

According to the NIST National Vulnerability Database (NVD), the issue is a command injection vulnerability in a function module exposed via RFC.

Key risks include:

  • Injection of arbitrary ABAP code
  • Bypassing authorization checks
  • Modification of the SAP database
  • Creation of superuser accounts with SAP_ALL privileges
  • Theft of password hashes
  • Manipulation of core business processes

This puts the confidentiality, integrity, and availability of affected systems at severe risk.

Exploitation in the Wild

SecurityBridge Threat Research Labs confirmed active exploitation attempts. The vulnerability impacts both on-premise and Private Cloud editions of SAP S/4HANA.

The threat researchers warned:

  • Only a low-privileged account is needed for exploitation
  • Attackers can achieve a complete system takeover with minimal effort
  • Potential consequences include fraud, data theft, espionage, and ransomware installation

Although mass exploitation has not been seen yet, reverse engineering the patch to create exploits is reportedly “relatively easy.”

Mitigation and Security Recommendations

Organizations running SAP S/4HANA should take immediate action:

  1. Apply patches immediately to close CVE-2025-42957.
  2. Monitor system logs for suspicious RFC calls or newly created admin users.
  3. Review and restrict RFC usage using SAP UCON.
  4. Restrict access to the S_DMIS authorization object (activity 02).
  5. Ensure backups and segmentation are in place to limit damage in case of compromise.
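The monitoring step above names two signals worth alerting on: RFC calls to function modules that a UCON-style allowlist does not permit, and newly created users that are immediately given SAP_ALL. The following is an added example written for this article, not code from SAP, SecurityBridge or the article itself. It runs a small detector over constructed sample records in an invented pipe-separated layout; real SAP audit sources (for instance the Security Audit Log) use a different format, so the parser would need to be adapted, and the allowlist and user names are placeholders.

```python
"""Added example (not from the article or from SAP): flag two of the signals
named in the mitigation list, run over constructed sample records.

The record layout is invented for this example:
    kind | timestamp | acting user | key=value;key=value
Real SAP audit logs have a different format; adapt the parser before use.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample records (not real log data). The second RFC call targets a
# function module outside the allowlist, and a low-privileged user creates a new
# account and assigns it SAP_ALL straight away.
SAMPLE_LOG = """\
RFC|2025-09-08T08:01:12|BATCH_SVC|FM=ZALLOWED_READ
RFC|2025-09-08T08:02:45|LOWPRIV01|FM=ZNOT_IN_ALLOWLIST
USER_CREATE|2025-09-08T08:03:10|LOWPRIV01|NEWUSER=SUPPORT9
PROFILE_ASSIGN|2025-09-08T08:03:11|LOWPRIV01|USER=SUPPORT9;PROFILE=SAP_ALL
RFC|2025-09-08T08:05:00|BATCH_SVC|FM=ZALLOWED_WRITE
"""

# Hypothetical allowlist of RFC-enabled function modules that may be called
# from outside the system, in the spirit of a UCON configuration. The names are
# placeholders chosen for this example.
RFC_ALLOWLIST = {"ZALLOWED_READ", "ZALLOWED_WRITE"}


@dataclass
class Alert:
    rule: str    # which detection rule fired
    user: str    # the acting user in the record
    detail: str  # function module or target account


def parse_detail(detail: str) -> Dict[str, str]:
    """Split 'A=1;B=2' into {'A': '1', 'B': '2'}."""
    return dict(item.split("=", 1) for item in detail.split(";"))


def detect(log_text: str, allowlist=RFC_ALLOWLIST) -> List[Alert]:
    """Return alerts for non-allowlisted RFC calls and SAP_ALL assignments.

    A SAP_ALL assignment to an account created earlier in the same batch of
    records is reported under a more specific rule, because that pairing is
    the 'newly created admin user' pattern the article tells defenders to
    watch for.
    """
    alerts: List[Alert] = []
    created_by: Dict[str, str] = {}  # new account -> user who created it

    for line in log_text.splitlines():
        if not line.strip():
            continue
        kind, _ts, user, detail = line.split("|", 3)
        fields = parse_detail(detail)

        if kind == "RFC" and fields.get("FM") not in allowlist:
            alerts.append(Alert("rfc_not_allowlisted", user, fields["FM"]))
        elif kind == "USER_CREATE":
            created_by[fields["NEWUSER"]] = user
        elif kind == "PROFILE_ASSIGN" and fields.get("PROFILE") == "SAP_ALL":
            target = fields["USER"]
            rule = "new_user_with_sap_all" if target in created_by else "sap_all_assigned"
            alerts.append(Alert(rule, user, target))

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"[{alert.rule}] actor={alert.user} detail={alert.detail}")
```

Run against the sample, the detector raises one alert for the RFC call outside the allowlist and one for the freshly created account that received SAP_ALL; both are attributed to the same low-privileged actor, which is the kind of correlation that makes the second signal worth escalating rather than treating as routine user administration.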

Why It Matters

SAP S/4HANA is one of the most widely used ERP platforms worldwide, making it a high-value target for attackers. Exploits like CVE-2025-42957 can directly impact business operations, financial data, and supply chain processes.

For enterprises, staying current with SAP security patches and enforcing strict access controls is critical to reducing risk.
