<h1>Active Exploitation of Critical SAP S/4HANA Vulnerability CVE-2025-42957</h1>
<p>A significant security flaw within SAP S/4HANA, identified as CVE-2025-42957, is currently being exploited by threat actors. With a CVSS score of 9.9, this code injection vulnerability presents a severe risk as it allows attackers with low-level privileges to inject ABAP code, bypass authorization checks, and gain complete control over the system.</p>
<h2>Details of the Vulnerability</h2>
<p>The vulnerability affects all releases of SAP S/4HANA, including both on-premise and Private Cloud editions. Exploitation enables malicious actors to:</p>
<ul>
<li>Delete, insert, or modify critical database data.</li>
<li>Create new superuser accounts with comprehensive system privileges.</li>
<li>Download and potentially misuse password hashes for unauthorized access.</li>
<li>Alter established business processes, potentially crippling business operations.</li>
</ul>
<h2>Current Situation</h2>
<p>Despite SAP releasing a patch on August 11, many systems remain unpatched. This delay can be attributed to the inherent complexities of applying security updates within ERP environments. Consequently, attackers have not only developed but also deployed working exploits, taking advantage of these unpatched systems. Notably, these exploits can delete data, escalate privileges, and cause significant operational disruptions. Security researchers, particularly those at SecurityBridge, have confirmed ongoing exploitation attempts.</p>
<h2>Immediate Recommendations</h2>
<p>Organizations using SAP S/4HANA should urgently:</p>
<ol>
<li><strong>Apply the latest security patches</strong> provided by SAP to mitigate the vulnerability.</li>
<li><strong>Monitor for abnormal activity</strong>, particularly unauthorized RFC calls or unexpected superuser account creation, which could indicate an active breach.</li>
<li><strong>Implement enhanced monitoring procedures</strong> to detect unauthorized changes in business processes and system configurations.</li>
</ol>
<h2>Conclusion</h2>
<p>The active exploitation of CVE-2025-42957 underscores the critical importance of timely patch management and vigilant system monitoring. Organizations must prioritize securing their SAP environments to safeguard sensitive business data and maintain operational integrity.</p>


Collections

A critical code injection vulnerability (CVE-2025-42957) with CVSS score 9.9 is being actively exploited in SAP S/4HANA systems. The flaw allows attackers with low privileges to inject ABAP code, bypass authorization, create superuser accounts, and manipulate database data. Despite patches being available since August 11, many systems remain vulnerable due to complex ERP update processes, leading to ongoing exploitation attempts.

Urgent Advisory: Active Exploitation of SAP S/4HANA Vulnerability CVE-2025-42957