Remote Code Execution Vulnerability in SAP S/4HANA and SCM
CVE-2025-42967
9.1CRITICAL
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 July 2025
What is CVE-2025-42967?
A remote code execution vulnerability exists in the Characteristic Propagation feature of SAP S/4HANA and SAP SCM. This vulnerability enables an attacker with elevated privileges to execute arbitrary code in the SAP environment, potentially allowing them to take full control of the affected system. Such an attack can severely compromise the confidentiality, integrity, and availability of critical business applications, necessitating immediate attention and remediation to protect organizational assets.
Affected Version(s)
SAP S/4HANA and SAP SCM (Characteristic Propagation) SCMAPO 713
SAP S/4HANA and SAP SCM (Characteristic Propagation) 714
SAP S/4HANA and SAP SCM (Characteristic Propagation) S4CORE 102