Arbitrary Code Injection Vulnerability in SAP S/4HANA
CVE-2025-27429
9.9 CRITICAL
What is CVE-2025-27429?
SAP S/4HANA contains a flaw in a function module exposed via Remote Function Call (RFC) that allows authenticated users to inject arbitrary ABAP code. The flaw bypasses essential authorization checks, so it effectively acts as a backdoor to the system. The risks are significant: exploitation can lead to system compromise, undermining the system's confidentiality, integrity, and availability.
Affected Version(s)
SAP S/4HANA (Private Cloud) S4CORE 102
SAP S/4HANA (Private Cloud) 103
SAP S/4HANA (Private Cloud) 104