A recently patched SAP S/4HANA vulnerability tracked as CVE-2025-42957 is being exploited in the wild, SAP security solutions provider SecurityBridge warned on Thursday.
The vulnerability was fixed by SAP in its enterprise resource planning (ERP) software in August, after being responsibly disclosed to the vendor by SecurityBridge in late June.
CVE-2025-42957 has been assigned a ‘critical’ severity rating, and it can allow an attacker with low privileges to execute arbitrary code and take full control of the affected SAP system.
SecurityBridge is warning organizations about the exploitation of the vulnerability, but the security firm’s director of research, Joris van de Vis, told SecurityWeek that they are not disclosing further details on the attacks at this time.
Van de Vis did confirm that SecurityBridge has seen malicious exploitation of CVE-2025-42957 in customer environments, noting that the company is aware of several exploits.
The expert also pointed out that the vulnerability “is of relatively low complexity” and “skilled professionals with good SAP and/or security expertise can readily develop working exploits”.
SecurityBridge said in its blog post that successful exploitation of the flaw can enable an attacker to delete data from or insert data into the SAP database, create new SAP users with elevated privileges, obtain password hashes, and modify business processes.
“A complete system compromise with minimal effort required, where successful exploitation can easily lead to fraud, data theft, espionage, or the installation of ransomware,” SecurityBridge warned.
The security firm said it has not seen widespread exploitation, but organizations concerned about attacks can check logs for indicators of compromise (IoCs) such as suspicious RFC calls, new admin users, and unexpected ABAP code changes. Applying SAP’s August fix remains the primary mitigation.
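The three IoC classes above are worth correlating rather than checking one at a time, because the attack path the article describes (a low-privileged entry point, then a new privileged user, then modified ABAP code) shows up as a sequence from the same source. The following Python is an added example written for this page; it is not SecurityBridge’s or SAP’s code. It runs over a constructed, simplified audit-log extract whose record layout (`timestamp|event|actor|host|key=value ...`) and event names (`RFC_CALL`, `USER_CREATED`, `PROFILE_ASSIGNED`, `PROGRAM_CHANGED`) are assumptions; real SAP Security Audit Log records carry numeric message IDs instead, so map those to these event names from your release’s documentation before using this against real data. The RFC host allowlist, privileged-profile list and maintenance window are likewise assumed values to be replaced with your own.

```python
"""Correlate the IoC classes named in the article over a constructed audit-log
extract: RFC calls from non-allowlisted hosts, newly created users that receive
a privileged profile, and ABAP program changes outside the change window.
The log format and event names are assumptions, not real SAP Security Audit
Log output (see lead-in)."""
from datetime import datetime

# Constructed sample data: timestamp|event|actor|source host|key=value details
SAMPLE_LOG = """\
2025-09-04T02:10:31|PROGRAM_CHANGED|TRANSPORT|app01.corp.example|PROG=ZFI_REPORT01
2025-09-04T10:15:02|RFC_CALL|DDIC|10.7.7.7|FM=RFC_READ_TABLE
2025-09-04T10:15:40|USER_CREATED|DDIC|10.7.7.7|USER=ZSVC_BKP
2025-09-04T10:16:05|PROFILE_ASSIGNED|DDIC|10.7.7.7|USER=ZSVC_BKP PROFILE=SAP_ALL
2025-09-04T10:17:12|PROGRAM_CHANGED|ZSVC_BKP|10.7.7.7|PROG=ZLOGIN_HOOK
2025-09-04T11:00:00|RFC_CALL|BATCHUSR|app02.corp.example|FM=BAPI_USER_GET_DETAIL
2025-09-04T14:30:00|USER_CREATED|HRADMIN|app01.corp.example|USER=JSMITH
2025-09-04T14:31:00|PROFILE_ASSIGNED|HRADMIN|app01.corp.example|USER=JSMITH PROFILE=Z_HR_DISPLAY
"""

# Assumed environment-specific baselines; replace with your own inventory.
ALLOWED_RFC_HOSTS = {"app01.corp.example", "app02.corp.example"}
PRIVILEGED_PROFILES = {"SAP_ALL", "SAP_NEW", "S_A.SYSTEM"}
CHANGE_WINDOW_HOURS = range(1, 5)  # 01:00-04:59 is the assumed maintenance window


def parse_log(text):
    """Turn each pipe-separated record into a dict; trailing key=value pairs become fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, actor, host, detail = line.split("|", 4)
        fields = dict(kv.split("=", 1) for kv in detail.split())
        events.append({"ts": datetime.fromisoformat(ts), "event": event,
                       "actor": actor, "host": host, **fields})
    return events


def new_privileged_users(events):
    """Users created in this extract that were then given a privileged profile."""
    created = {e["USER"]: e for e in events if e["event"] == "USER_CREATED"}
    flagged = {}
    for e in events:
        if (e["event"] == "PROFILE_ASSIGNED" and e["PROFILE"] in PRIVILEGED_PROFILES
                and e["USER"] in created):
            flagged[e["USER"]] = {"created_by": created[e["USER"]]["actor"],
                                  "from_host": e["host"], "profile": e["PROFILE"]}
    return flagged


def suspicious_rfc_calls(events, allowed_hosts=ALLOWED_RFC_HOSTS):
    """RFC calls whose source host is not a known application server."""
    return [e for e in events if e["event"] == "RFC_CALL" and e["host"] not in allowed_hosts]


def off_window_program_changes(events, window_hours=CHANGE_WINDOW_HOURS):
    """ABAP program changes made outside the agreed change window."""
    return [e for e in events
            if e["event"] == "PROGRAM_CHANGED" and e["ts"].hour not in window_hours]


def activity_from_host(events, host):
    """Timeline pivot: everything a flagged host did, in log order."""
    return [(e["ts"].isoformat(), e["event"], e["actor"]) for e in events if e["host"] == host]


def triage(text):
    """Summarise all three IoC classes plus a per-host timeline for each suspicious RFC source."""
    events = parse_log(text)
    rfc = suspicious_rfc_calls(events)
    return {
        "new_privileged_users": new_privileged_users(events),
        "suspicious_rfc_calls": [(e["actor"], e["host"], e["FM"]) for e in rfc],
        "off_window_program_changes": [(e["actor"], e["PROG"])
                                       for e in off_window_program_changes(events)],
        "host_timelines": {h: activity_from_host(events, h) for h in {e["host"] for e in rfc}},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2, default=str))
```

On the constructed sample the three checks converge on the same host: the non-allowlisted RFC source also created `ZSVC_BKP`, assigned it `SAP_ALL`, and then changed an ABAP program mid-morning, while the transport-driven change inside the window and the HR user with a display-only profile are left alone. That convergence, not any single hit, is what distinguishes an intrusion from routine administration.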
It’s not uncommon for threat actors to exploit SAP product vulnerabilities in their attacks. CISA’s Known Exploited Vulnerabilities (KEV) catalog currently includes 14 SAP product flaws.
Related: SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover
Related: Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities
Related: Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks