Critical SAP S/4HANA Vulnerability Actively Exploited in Cyber Attacks
A critical vulnerability in SAP S/4HANA, tracked as CVE-2025-42957, has been identified as an ABAP code injection flaw within an RFC-exposed function module. It allows low-privileged authenticated users to inject arbitrary code, bypass authorisation checks, and potentially take full control of the SAP system. Although SAP released a patch for this critical issue on August 11, 2025, many systems remain unpatched and are now being targeted by attackers who have weaponised the flaw. SecurityBridge, which discovered the vulnerability and assisted in developing the patch, reports that it is currently under limited exploitation in the wild. Because the relevant ABAP code is easy to reverse engineer, skilled threat actors can readily derive a working exploit, leaving unpatched systems at significant risk.
The ramifications of exploiting CVE-2025-42957 are severe, including data theft, data manipulation, privilege escalation, and operational disruption through malware or ransomware. SecurityBridge has verified instances of actual abuse of this vulnerability, highlighting the urgency for SAP administrators to apply the August 2025 Patch Day updates immediately. Affected products include various versions of S/4HANA, Landscape Transformation, Business One, and NetWeaver Application Server ABAP. For more detailed information on recommended actions, a bulletin is available, but it is accessible only to SAP customers with an account. As the threat landscape evolves, organisations must remain vigilant and proactive in securing their SAP environments.