Critical Vulnerability in SAP S/4HANA (CVE-2025-42957) Under Active Exploitation

328/68 Monday, September 8, 2025

Cybersecurity researchers have issued a warning regarding CVE-2025-42957, a vulnerability with a CVSS score of 9.9 in SAP S/4HANA, which has been confirmed to be actively exploited. The flaw is a command injection issue that allows attackers to inject ABAP code while bypassing authentication checks, enabling full control over SAP systems. Potential impacts include modifying databases, creating superuser accounts, and stealing password hashes.

The vulnerability affects all versions of SAP S/4HANA, both Private Cloud and On-Premise. Even low-privileged accounts can exploit it to escalate privileges and gain full system access. Although SAP released a patch on August 11, 2025, researchers at SecurityBridge Threat Research Labs have confirmed that exploitation is already occurring, putting unpatched systems at immediate risk.

Experts warn that attacks can be executed remotely over the network without requiring user interaction, and due to the low complexity of the exploit, the risk of data theft, ransomware deployment, and business espionage is significantly heightened. Organizations running SAP are strongly advised to apply the patch immediately, review system logs, and monitor for suspicious activity to mitigate potential damage.

Source: https://securityaffairs.com/181930/hacking/critical-sap-s-4hana-flaw-cve-2025-42957-under-active-exploitation.html