Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

Critical SAP S/4HANA Vulnerability Now Exploited in Attacks: A Growing Concern for Enterprise Security



A critical SAP S/4HANA code injection vulnerability (CVE-2025-42957) is now being actively exploited in attacks, putting the security of enterprise systems at risk. The vendor has fixed the vulnerability, but many systems have not applied the necessary updates. This article provides an in-depth look at the vulnerability and its potential ramifications for organizations using SAP S/4HANA.

  • SAP S/4HANA is vulnerable to a critical code injection bug (CVE-2025-42957) that allows attackers to bypass authorization and fully take over SAP systems.
  • The vulnerability was discovered in June 2025, but has already been actively exploited in attacks since its release on August 11, 2025.
  • Several systems have not applied the available security updates, making them vulnerable to exploitation.
  • Potential ramifications of this exploitation include data theft, code injection, privilege escalation, credential theft, and operational disruption through malware or ransomware.
  • Affected products and versions are specific SAP S/4HANA, Landscape Transformation, Business One, and NetWeaver Application Server ABAP.
  • SecurityBridge has warned that actual abuse of the vulnerability has already been verified, and reverse engineering the patch to create an exploit is relatively easy for SAP ABAP users.
  • SAP administrators are advised to apply the August 2025 Patch Day updates as soon as possible to prevent potential attacks.



    • SAP S/4HANA is a leading enterprise resource planning (ERP) solution used by numerous organizations worldwide. The system offers a comprehensive set of features to manage various aspects of business operations, including financial management, human capital management, and supply chain management. However, like any complex software, SAP S/4HANA has its share of vulnerabilities.

    In a recent development, researchers have discovered that the SAP S/4HANA code injection vulnerability (CVE-2025-42957) is now being actively exploited in attacks. This critical vulnerability allows low-privileged authentication users to inject arbitrary code, bypass authorization, and fully take over SAP systems. The vendor, SAP, had fixed the vulnerability on August 11, 2025, but several systems have not applied the available security updates.

    As a result, hackers are now weaponizing the bug to breach exposed servers. According to SecurityBridge, a cybersecurity firm that reported the vulnerability to SAP on June 27, 2025, and assisted in developing a patch, CVE-2025-42957 is currently under active exploitation in the wild. The potential ramifications of this exploitation include data theft, data manipulation, code injection, privilege escalation through the creation of backdoor accounts, credential theft, and operational disruption through malware, ransomware, or other means.

    The affected products and versions are SAP S/4HANA (Private Cloud or On-Premise), versions S4CORE 102, 103, 104, 105, 106, 107, 108; Landscape Transformation (Analysis Platform), DMIS versions 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020; Business One (SLD), version B1_ON_HANA 10.0 and SAP-M-BO 10.0; and NetWeaver Application Server ABAP (BIC Document), versions S4COREOP 104, 105, 106, 107, 108, SEM-BW 600, 602, 603, 604, 605, 634, 736, 746, 747, 748.

    SecurityBridge, the firm that discovered and reported the vulnerability to SAP, has warned that while widespread exploitation has not yet been reported, actual abuse of this vulnerability has already been verified. This means that attackers already know how to use the bug to breach unpatched SAP systems. The security firm also noted that reverse engineering the patch to create an exploit is relatively easy for SAP ABAP, as the ABAP code is open to see for everyone.

    SAP administrators who have not applied the August 2025 Patch Day updates yet are advised to do so as soon as possible to prevent potential attacks. In the meantime, it is essential for organizations to conduct a thorough risk assessment and implement additional security measures to protect their SAP S/4HANA systems.

    The discovery of this critical vulnerability highlights the importance of regular software updates, patch management, and cybersecurity best practices. It also underscores the need for organizations to stay vigilant and proactive in addressing potential security threats.

    In conclusion, the exploitation of CVE-2025-42957 has significant implications for enterprise security, particularly those using SAP S/4HANA systems. Organizations must take immediate action to address this vulnerability and ensure that their systems are protected against potential attacks.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/Critical-SAP-S4HANA-Vulnerability-Now-Exploited-in-Attacks-A-Growing-Concern-for-Enterprise-Security-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/critical-sap-s-4hana-vulnerability-now-exploited-in-attacks/

  • https://thehackernews.com/2025/09/sap-s4hana-critical-vulnerability-cve.html


    • Published: Fri Sep 5 09:48:52 2025 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us