ABAP Code Injection Vulnerability in SAP S/4HANA by SAP
CVE-2025-42957

CVSS 3.1 score: 9.9 (CRITICAL)

Key Information:

Vendor: SAP
CVE Published: 12 August 2025


What is CVE-2025-42957?

CVE-2025-42957 is a code injection vulnerability in SAP S/4HANA, SAP's enterprise resource planning (ERP) suite for running finance, logistics and other core business processes. An authenticated attacker with only low privileges who can reach a particular function module over Remote Function Call (RFC) can pass arbitrary ABAP code into the system, and the module executes it without the authorization checks that should gate such an operation. The RFC layer only decides whether the caller may invoke the module at all; what the module then does with its input runs inside the application server, so the injected code is not bounded by the caller's own authorizations. The practical effect is a backdoor into the system: unauthorized control over the S/4HANA instance and loss of confidentiality, integrity and availability of the business data it holds.
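The page does not name the affected function module, so the following is an added illustration of the vulnerability class it describes, not SAP's code and not the real module. Both function modules, their Z_EXAMPLE_* names and the "count rows of a caller-chosen table" purpose are hypothetical. The first compiles caller input into an ABAP subroutine pool with no authorization check; the second treats the input as data, checks the relevant authorization object itself, and never generates code.

```abap
*---------------------------------------------------------------------*
* Hypothetical RFC-enabled function modules (Processing Type:
* Remote-Enabled Module). Illustrative only; not the SAP module
* behind CVE-2025-42957, which is not named on this page.
*---------------------------------------------------------------------*

* --- Vulnerable pattern ---------------------------------------------*
* The kernel's S_RFC check only decides whether the caller may invoke
* this module. Nothing inside checks what the caller is allowed to do,
* and IV_TABLE is pasted verbatim into ABAP source that is then
* compiled and run: anything after a '.' in IV_TABLE becomes
* additional statements executed inside the application server.
FUNCTION z_example_count_rows_vuln.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     VALUE(iv_table) TYPE string
*"  EXPORTING
*"     VALUE(ev_count) TYPE i
*"----------------------------------------------------------------------
  DATA lt_source TYPE TABLE OF string.
  DATA lv_prog   TYPE syrepid.
  DATA lv_msg    TYPE string.

  APPEND 'PROGRAM.'                                       TO lt_source.
  APPEND 'FORM count_rows CHANGING p_count TYPE i.'        TO lt_source.
  APPEND |SELECT COUNT(*) FROM { iv_table } INTO p_count.| TO lt_source.
  APPEND 'ENDFORM.'                                       TO lt_source.

  " Caller-controlled text becomes executable ABAP here.
  GENERATE SUBROUTINE POOL lt_source NAME lv_prog MESSAGE lv_msg.
  IF sy-subrc = 0.
    PERFORM count_rows IN PROGRAM (lv_prog) CHANGING ev_count.
  ENDIF.
ENDFUNCTION.

* --- Hardened pattern -----------------------------------------------*
* Same business purpose, three changes: the input is validated as an
* identifier, the module performs its own AUTHORITY-CHECK for the
* object it touches, and the dynamic part is an operand of a fixed,
* already-compiled statement rather than generated source.
FUNCTION z_example_count_rows_fixed.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     VALUE(iv_table) TYPE string
*"  EXPORTING
*"     VALUE(ev_count) TYPE i
*"  EXCEPTIONS
*"     invalid_name
*"     no_authority
*"----------------------------------------------------------------------
  DATA lv_table TYPE tabname.

  " 1. Input is data, never code: length-limited, dictionary-style
  "    identifier characters only, and it must be an active table.
  IF strlen( iv_table ) > 30
     OR iv_table CN 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_/'.
    RAISE invalid_name.
  ENDIF.
  lv_table = iv_table.
  TRANSLATE lv_table TO UPPER CASE.
  SELECT SINGLE tabname FROM dd02l INTO lv_table
    WHERE tabname  = lv_table
      AND as4local = 'A'.
  IF sy-subrc <> 0.
    RAISE invalid_name.
  ENDIF.

  " 2. The authorization check the RFC layer does not do for you:
  "    read access (ACTVT 03) to this specific table via S_TABU_NAM.
  AUTHORITY-CHECK OBJECT 'S_TABU_NAM'
    ID 'TABLE' FIELD lv_table
    ID 'ACTVT' FIELD '03'.
  IF sy-subrc <> 0.
    RAISE no_authority.
  ENDIF.

  " 3. Dynamic table name as an operand of a static Open SQL statement.
  "    No GENERATE SUBROUTINE POOL, no INSERT REPORT, no eval of input.
  SELECT COUNT(*) FROM (lv_table) INTO ev_count.
ENDFUNCTION.
```

When auditing custom or vendor RFC-enabled modules for this class, the statements to search for are GENERATE SUBROUTINE POOL, INSERT REPORT and dynamic CALL FUNCTION / PERFORM with caller-derived names; each occurrence should be preceded by an AUTHORITY-CHECK that covers the action actually performed, not just the S_RFC check the kernel applies to the call itself.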

Potential impact of CVE-2025-42957

  1. Full System Compromise: Arbitrary ABAP execution inside the application server gives an attacker complete control of the S/4HANA environment, including its financial and operational data and the ability to post unauthorized transactions. The CVSS "Scope: Changed" rating reflects that the impact is not confined to the vulnerable function module; reporting on in-the-wild exploitation describes compromise of the host operating system as well.

  2. Undermined Data Integrity and Confidentiality: An attacker can read, alter or exfiltrate any data the system holds, so both the confidentiality of sensitive records and the integrity of the business processes built on them are lost.

  3. Increased Risk of Secondary Attacks: Once a backdoor is in place, the attacker can stage additional tooling or malware on the SAP host and pivot to systems connected to S/4HANA, turning a single vulnerable instance into a foothold against the wider environment.

Affected Version(s)

  • SAP S/4HANA (Private Cloud or On-Premise), S4CORE 102
  • SAP S/4HANA (Private Cloud or On-Premise), S4CORE 103
  • SAP S/4HANA (Private Cloud or On-Premise), S4CORE 104

News Articles

Critical SAP S/4HANA Vulnerability Under Attack

Exploitation of CVE-2025-42957 requires "minimal effort" and can result in a complete compromise of the SAP system and host OS, according to researchers.

Critical SAP S/4HANA vulnerability now exploited in attacks

A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn.

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

CVE-2025-42957 in SAP S/4HANA exploited with CVSS 9.9 severity, enabling full system compromise.

CVSS V3.1

Score: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • Vulnerability started trending
  • Exploit known to exist
  • First article discovered by The Hacker News
  • Vulnerability published
  • Vulnerability reserved