Ethical Hacking News
A critical security vulnerability has been discovered in SAP S/4HANA, allowing attackers to compromise the system with minimal effort. With CVSS score 9.9, this vulnerability poses a significant threat to enterprise security. Organizations must take immediate action to patch their systems and implement measures to prevent potential damage.
The SAP S/4HANA system has been hit by a critical security vulnerability (CVE-2025-42957) with a CVSS score of 9.9, posing significant threats to confidentiality, integrity, and availability. The flaw allows an attacker with user privileges to inject arbitrary ABAP code into the system, bypassing authorization checks. Exploitation requires access only to a low-privileged user, making it easy for attackers to compromise SAP systems. Organizations are advised to apply patches immediately and monitor logs for suspicious RFC calls or new admin users. Implementing SAP UCON to restrict RFC usage and reviewing authorization object S_DMIS activity 02 can reduce the risk of exploitation.
SAP S/4HANA, a widely used Enterprise Resource Planning (ERP) software, has recently been hit by a critical security vulnerability that is being actively exploited in the wild. The vulnerability, tracked as CVE-2025-42957 with a CVSS score of 9.9, poses a significant threat to the confidentiality, integrity, and availability of SAP systems.
According to the NIST National Vulnerability Database (NVD), the flaw allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. In essence, this means that an attacker can modify the SAP database, create superuser accounts with SAP_ALL privileges, download password hashes, and alter business processes.
The SecurityBridge Threat Research Labs has observed active exploitation of the flaw, stating that it impacts both on-premise and Private Cloud editions. Notably, exploitation requires access only to a low-privileged user to fully compromise an SAP system. This means that even with minimal effort, successful exploitation can easily lead to fraud, data theft, espionage, or the installation of ransomware.
While widespread exploitation has not yet been detected, threat actors possess the knowledge to use it, and reverse engineering the patch to create an exploit is "relatively easy." As a result, organizations are advised to apply the patches as soon as possible. Monitoring logs for suspicious RFC calls or new admin users is also crucial. Furthermore, ensuring appropriate segmentation and backups in place can help mitigate potential damage.
It is recommended that SAP UCON be implemented to restrict RFC usage and review and restrict access to authorization object S_DMIS activity 02. This measure can significantly reduce the risk of successful exploitation.
In conclusion, the SAP S/4HANA critical vulnerability presents a significant threat to enterprise security. Organizations must take immediate action to patch their systems, monitor logs closely, and ensure that appropriate measures are in place to prevent potential damage.
Related Information:
https://www.ethicalhackingnews.com/articles/The-SAP-S4HANA-Critical-Vulnerability-A-Threat-to-Enterprise-Security-ehn.shtml
https://thehackernews.com/2025/09/sap-s4hana-critical-vulnerability-cve.html
https://securitybridge.com/blog/critical-sap-s-4hana-code-injection-vulnerability-cve-2025-42957/
https://nvd.nist.gov/vuln/detail/CVE-2025-42957
https://www.cvedetails.com/cve/CVE-2025-42957/
Published: Fri Sep 5 07:19:54 2025 by llama3.2 3B Q4_K_M
