Remote Code Execution Vulnerability in SAP S/4HANA and SCM
CVE-2025-42967

9.1CRITICAL

What is CVE-2025-42967?

A remote code execution vulnerability exists in the Characteristic Propagation feature of SAP S/4HANA and SAP SCM. This vulnerability enables an attacker with elevated privileges to execute arbitrary code in the SAP environment, potentially allowing them to take full control of the affected system. Such an attack can severely compromise the confidentiality, integrity, and availability of critical business applications, necessitating immediate attention and remediation to protect organizational assets.

Affected Version(s)

SAP S/4HANA and SAP SCM (Characteristic Propagation) SCMAPO 713

SAP S/4HANA and SAP SCM (Characteristic Propagation) 714

SAP S/4HANA and SAP SCM (Characteristic Propagation) S4CORE 102

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-42967 : Remote Code Execution Vulnerability in SAP S/4HANA and SCM