Malicious actors exploit a critical flaw in SAP S/4HANA (CVE-2025-42957)
A critical vulnerability, CVE-2025-42957, has been identified in the SAP S/4HANA enterprise resource planning software. It affects versions 102, 103, 104, 105, 106, 107, and 108 of the core Enterprise Management component S4CORE, in both Private Cloud and On-Premise environments.
According to SecurityBridge, attackers have already exploited this vulnerability, leaving unpatched SAP systems exposed. The SecurityBridge researchers advise enterprise administrators to apply the provided patch and to check for suspicious RFC calls, new admin users, or unexpected ABAP code changes.
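The three checks named above can be run as a triage pass over exported audit events. The following is an added example, not code from SecurityBridge or SAP: the CSV layout, the event names, the account and object names, and the baselines are all assumptions constructed for illustration, and a real deployment would map them onto its own audit log export.

```python
import csv
import io

# Constructed sample in a simplified, hypothetical CSV layout (not SAP's export schema).
SAMPLE_LOG = """time,event,user,detail
2025-08-20T02:14:07,rfc_call,BATCH_SVC,Z_NIGHTLY_SYNC
2025-08-20T02:31:55,rfc_call,JSMITH,Z_UNUSUAL_FM
2025-08-20T02:32:10,user_created,JSMITH,TMP_ADM01
2025-08-20T02:32:41,profile_assigned,JSMITH,TMP_ADM01:SAP_ALL
2025-08-20T02:40:03,abap_changed,TMP_ADM01,ZREPORT_X
2025-08-20T09:05:00,abap_changed,DEVLEAD,ZREPORT_Y
"""

# Site-specific baselines; every value here is an assumption for the example.
RFC_BASELINE = {("BATCH_SVC", "Z_NIGHTLY_SYNC")}  # expected caller / function module pairs
USER_ADMINS = {"IAM_ADMIN"}                       # accounts allowed to create users
ADMIN_PROFILES = {"SAP_ALL"}                      # profiles that grant full access
APPROVED_OBJECTS = {"ZREPORT_Y"}                  # ABAP objects with an approved change


def triage(log_text):
    """Return (time, user, finding) tuples for events matching the three checks."""
    findings = []
    new_accounts = set()  # accounts created inside the reviewed window
    for row in csv.DictReader(io.StringIO(log_text)):
        event, user, detail = row["event"], row["user"], row["detail"]
        hits = []
        if user in new_accounts:
            # Anything done by a freshly created account deserves a second look.
            hits.append("activity_by_new_account")
        if event == "rfc_call" and (user, detail) not in RFC_BASELINE:
            hits.append("rfc_outside_baseline")
        elif event == "user_created":
            new_accounts.add(detail)
            if user not in USER_ADMINS:
                hits.append("user_created_by_non_admin")
        elif event == "profile_assigned":
            profile = detail.split(":", 1)[1]  # detail is "<target>:<profile>"
            if profile in ADMIN_PROFILES:
                hits.append("admin_profile_granted")
        elif event == "abap_changed" and detail not in APPROVED_OBJECTS:
            hits.append("unapproved_abap_change")
        findings.extend((row["time"], user, hit) for hit in hits)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="  ")
```
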
On August 12, 2025, SAP released a patch for CVE-2025-42957, along with a number of other vulnerabilities. It is essential for administrators to promptly apply the patch to protect their systems from potential attacks.
If exploited, the vulnerability could lead to full system compromise through the injection of arbitrary ABAP code and the bypassing of essential authorization checks. Attackers must, however, be authenticated as a low-privileged user to exploit it.
The Dutch National Cyber Security Center (NCSC NL) has issued a warning about the vulnerability, urging administrators to take immediate action. To further secure their systems, administrators are advised to implement segmentation, backups, and SAP-specific monitoring.
No publicly disclosed information specifies which companies exploited the SAP S/4HANA runtime environment vulnerability before the patch release in August 2025, although security researchers from SecurityBridge have observed active attacks. The exact identities or names of exploiting companies are not confirmed or disclosed.
No public proof-of-concept (PoC) code or exploit for CVE-2025-42957 is currently available. However, SecurityBridge researchers have demonstrated the exploit, and reverse engineering the patch to create an exploit for CVE-2025-42957 is relatively easy for SAP ABAP.
The vulnerability effectively functions as a backdoor, creating the risk of full system compromise. It undermines the confidentiality, integrity, and availability of the system. The vulnerability is being exploited by attackers to a limited extent.
In conclusion, administrators are urged to apply the patch provided by SAP and implement additional security measures to protect their SAP S/4HANA systems from the CVE-2025-42957 vulnerability.