Cyber Web Spider Blog – News

Recent SAP S/4HANA Vulnerability Exploited in Attacks

Posted on September 5, 2025 By CWS

A recently patched SAP S/4HANA vulnerability tracked as CVE-2025-42957 is being exploited in the wild, SAP security solutions provider SecurityBridge warned on Thursday.

The vulnerability was fixed by SAP in its enterprise resource planning (ERP) software in August, after being responsibly disclosed to the vendor by SecurityBridge in late June.

CVE-2025-42957 has been assigned a ‘critical’ severity rating and it can allow an attacker with low privileges to execute arbitrary code and take full control of the affected SAP system.

SecurityBridge is warning organizations about the exploitation of the vulnerability, but the security firm’s director of research, Joris van de Vis, told SecurityWeek that they aren’t disclosing further details on the attacks at this time.

Van de Vis did confirm that SecurityBridge has seen malicious exploitation of CVE-2025-42957 in customer environments, noting that the company is aware of a number of exploits.

The expert also pointed out that the vulnerability “is of comparatively low complexity” and “expert professionals with good SAP and/or security experience can readily develop working exploits”.

SecurityBridge said in its blog post that successful exploitation of the flaw can enable an attacker to delete data from or insert data into the SAP database, create new SAP users with elevated privileges, download password hashes, and modify business processes.

“An entire system compromise with minimal effort required, where successful exploitation can easily lead to fraud, data theft, espionage, or the installation of ransomware,” SecurityBridge warned.

The security firm said it has not seen widespread exploitation, but organizations concerned about attacks can check logs for indicators of compromise (IoCs) such as suspicious RFC calls, new admin users, and unexpected ABAP code changes.

It’s not uncommon for threat actors to exploit SAP product vulnerabilities in their attacks. CISA’s Known Exploited Vulnerabilities (KEV) catalog currently includes 14 SAP product flaws.
