Attackers are taking advantage of a significant vulnerability in SAP S/4HANA (CVE-2025-42957).
A critical vulnerability, CVE-2025-42957, in SAP S/4HANA enterprise resource planning software is being exploited by attackers on a limited scale, the Dutch National Cyber Security Centre (NCSC NL) has warned. The alert is based on findings from SecurityBridge’s Threat Research Labs, which confirmed that an exploit for the flaw is being used in the wild. CVE-2025-42957 is a code injection vulnerability in a SAP S/4HANA function module that is exposed via RFC. It allows arbitrary ABAP code to be injected into the system, bypassing essential authorisation checks and effectively functioning as a backdoor. The result is a significant risk of full system compromise, undermining the confidentiality, integrity, and availability of the system. The vulnerability affects several versions of the core Enterprise Management component S4CORE, specifically versions 102 through 108.
SAP released a patch for CVE-2025-42957, together with fixes for other vulnerabilities, on August 12, 2025. Although no public proof-of-concept (PoC) code or exploit is available, SecurityBridge researchers have demonstrated the exploit. Widespread exploitation has not yet been reported, but actual abuse of the vulnerability has been verified, which shows that attackers know how to exploit it and leaves unpatched SAP systems exposed. Furthermore, reverse engineering the patch to build an exploit is relatively straightforward for SAP ABAP, because the ABAP code is publicly accessible. The company advises enterprise administrators to apply the patch, monitor for suspicious RFC calls, new admin users, or unexpected ABAP code changes, and strengthen their defences through segmentation, backups, and SAP-specific monitoring.
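The three monitoring signals recommended above are most useful when correlated, since the article describes a chain (RFC-based code injection, then a backdoor) rather than isolated events. The following is an added example, not code from the article, NCSC NL or SecurityBridge: it flags each signal against an assumed baseline and escalates when one acting user produces more than one kind of signal. The event fields, the RFC allowlist, the system IDs and all sample records are constructed for illustration and are not a real SAP audit-log format.

```python
# Added example (not the article's or SecurityBridge's code): flag and correlate the
# three signals the article says to monitor. Event fields and records are constructed.
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

RFC_ALLOWLIST = {"RFC_READ_TABLE", "BAPI_USER_GET_DETAIL"}  # assumed integration baseline
ADMIN_PROFILES = {"SAP_ALL", "SAP_NEW"}  # SAP profiles that grant near-unrestricted authority
PRODUCTION_SYSTEMS = {"PRD"}  # assumed system IDs where direct code changes are abnormal

@dataclass
class Event:
    kind: str    # "rfc_call" | "user_create" | "abap_change"
    system: str  # SAP system ID
    user: str    # acting user
    detail: dict = field(default_factory=dict)

def classify(ev: Event) -> Optional[str]:
    """Return a finding for a suspicious event, or None when it matches the baseline."""
    if ev.kind == "rfc_call" and ev.detail.get("function_module") not in RFC_ALLOWLIST:
        return f"unexpected RFC call {ev.detail.get('function_module')} from {ev.detail.get('source')}"
    if ev.kind == "user_create":
        granted = set(ev.detail.get("profiles", [])) & ADMIN_PROFILES
        if granted:
            return f"new user {ev.detail.get('new_user')} granted {sorted(granted)}"
    if ev.kind == "abap_change" and ev.system in PRODUCTION_SYSTEMS:
        return f"ABAP object {ev.detail.get('object')} changed directly in {ev.system}"
    return None

def correlate(events: List[Event]) -> Dict[str, dict]:
    """Group findings by acting user; two or more distinct signal kinds from one
    actor is the chained pattern (RFC abuse, then backdoor user or code change)."""
    per_user: Dict[str, dict] = defaultdict(lambda: {"findings": [], "kinds": set()})
    for ev in events:
        finding = classify(ev)
        if finding:
            per_user[ev.user]["findings"].append(finding)
            per_user[ev.user]["kinds"].add(ev.kind)
    for rec in per_user.values():
        rec["severity"] = "high" if len(rec["kinds"]) >= 2 else "medium"
    return dict(per_user)

SAMPLE_EVENTS = [  # constructed sample data, not real log records
    Event("rfc_call", "PRD", "INTEGRATION", {"function_module": "RFC_READ_TABLE", "source": "10.0.0.5"}),
    Event("rfc_call", "PRD", "BATCH_01", {"function_module": "Z_UNLISTED_FM", "source": "198.51.100.23"}),
    Event("user_create", "PRD", "BATCH_01", {"new_user": "SUPPORT2", "profiles": ["SAP_ALL"]}),
    Event("user_create", "PRD", "ADMIN", {"new_user": "JDOE", "profiles": ["Z_SALES"]}),
    Event("abap_change", "DEV", "DEVELOPER", {"object": "ZCL_PRICING"}),
    Event("abap_change", "PRD", "BATCH_01", {"object": "ZCL_PRICING"}),
]
```

Running `correlate(SAMPLE_EVENTS)` reports only BATCH_01, at high severity, because that one actor triggers all three signal kinds while the benign events match the baseline.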