SAP S/4HANA Suffers Active Exploitation of Critical Vulnerability CVE-2025-42957
Sep 05, 2025
Vulnerability / Enterprise Security
A serious security flaw in SAP S/4HANA, a popular Enterprise Resource Planning (ERP) system, is currently being exploited in the wild. This command injection vulnerability, designated as CVE-2025-42957 and given a CVSS score of 9.9, was recently addressed by SAP in its monthly updates. According to the NIST National Vulnerability Database (NVD), “SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC.” This flaw allows for the injection of arbitrary ABAP code into the system, bypassing critical authorization checks. A successful attack could compromise the entire SAP environment, threatening the confidentiality, integrity, and availability of the system. Attackers could manipulate the SAP database, create superuser accounts with SAP_ALL privileges, extract password hashes, and disrupt business processes.