Sep 05, 2025Ravie LakshmananVulnerability / Enterprise Safety
A vital safety vulnerability impacting SAP S/4HANA, an Enterprise Useful resource Planning (ERP) software program, has come underneath energetic exploitation within the wild.
The command injection vulnerability, tracked as CVE-2025-42957 (CVSS rating: 9.9), was mounted by SAP as a part of its month-to-month updates final month.
“SAP S/4HANA permits an attacker with person privileges to take advantage of a vulnerability within the operate module uncovered through RFC,” in accordance with an outline of the flaw within the NIST Nationwide Vulnerability Database (NVD). “This flaw permits the injection of arbitrary ABAP code into the system, bypassing important authorization checks.
Profitable exploration of the defect might end in a full system compromise of the SAP surroundings, subverting the confidentiality, integrity, and availability of the system. Briefly, it could actually allow attackers to change the SAP database, create superuser accounts with SAP_ALL privileges, obtain password hashes, and alter enterprise processes.
SecurityBridge Risk Analysis Labs, in an alert issued Thursday, stated it has noticed energetic exploitation of the flaw, stating the problem impacts each on-premise and Non-public Cloud editions.
“Exploitation requires entry solely to a low-privileged person to totally compromise an SAP system,” the corporate stated. “A whole system compromise with minimal effort required, the place profitable exploitation can simply result in fraud, knowledge theft, espionage, or the set up of ransomware.”
It additionally famous that whereas widespread exploitation has not but been detected, menace actors possess the data to make use of it, and that reverse engineering the patch to create an exploit is “comparatively straightforward.”
Because of this, organizations are suggested to use the patches as quickly as doable, monitor logs for suspicious RFC calls or new admin customers, and guarantee applicable segmentation and backups are in place.
“Contemplate implementing SAP UCON to limit RFC utilization and overview and prohibit entry to authorization object S_DMIS exercise 02,” it additionally stated.
