Input Sanitization Flaw in SAP Solution Manager Exposes System to Code Injection
CVE-2025-42887

9.9CRITICAL

Key Information:

Vendor: SAP
Status: SAP Solution Manager
Vendor: CVE Published:; 11 November 2025

Badges

📰 News Worthy

What is CVE-2025-42887?

The SAP Solution Manager is affected by a serious input sanitation flaw that allows authenticated attackers to insert malicious code via remote-enabled function modules. This vulnerability can potentially grant full control over the system, putting its confidentiality, integrity, and availability at significant risk. It is crucial for users to apply security updates as recommended to shield their systems from this risk.

Affected Version(s)

SAP Solution Manager ST 720

News Articles

BleepingComputer

CVE-2025-42890 CVE-2025-42887

SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor

SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform.

References

https://me.sap.com/notes/3668705

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

📰
First article discovered by BleepingComputer
Nov 11, 2025
Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Apr 16, 2025

JSON