A critical security flaw has been identified in SAP S/4HANA, a leading enterprise resource planning (ERP) system, which is currently being actively exploited by cyber attackers. This vulnerability, designated as CVE-2025-42957, has been assigned a CVSS score of 9.9 out of 10, indicating its high severity. It affects all versions of S/4HANA, both on-premise and in private cloud environments.
Discovery and Exploitation
The vulnerability was uncovered by researchers at SecurityBridge Threat Research Labs, who have confirmed that malicious actors are already leveraging this flaw to compromise systems. SAP responded by releasing a patch on August 11, 2025, and security experts are strongly advising all organizations using S/4HANA to apply these updates without delay.
Nature of the Vulnerability
CVE-2025-42957 is an ABAP code injection vulnerability. Exploitation of this flaw allows attackers to gain full administrative privileges, enabling them to access the underlying operating system and take complete control over all data within the SAP system. The potential consequences are severe, including the theft of sensitive business information, financial fraud, corporate espionage, and the deployment of ransomware.
An attacker exploiting this vulnerability could perform actions such as deleting or inserting data directly into the database, creating new administrator accounts with SAP_ALL privileges, downloading password hashes, and modifying core business processes with minimal effort.
Ease of Exploitation
One of the most concerning aspects of CVE-2025-42957 is its low attack complexity. An attacker only needs access to a low-privileged user account, which could be obtained through phishing or other common methods. From there, they can exploit the flaw over the network without any user interaction, escalating their privileges to achieve a full system compromise.
SecurityBridge, which responsibly disclosed the vulnerability to SAP on June 27, 2025, warns that unpatched systems are exposed to immediate risk. Because SAP’s ABAP code is open, reverse engineering the patch to create a working exploit is a relatively simple task for skilled attackers.
Mitigation Strategies
To protect against this critical vulnerability, security experts recommend the following actions:
– Immediate Patching: Apply SAP’s August 2025 security updates, specifically SAP Notes 3627998 and 3633838, without delay.
– Access Review: Restrict access to the S_DMIS authorization object and consider implementing SAP UCON to limit Remote Function Call (RFC) usage.
– System Monitoring: Actively monitor system logs for suspicious RFC calls, the creation of new high-privilege users, or unexpected changes to ABAP code.
– Defense Hardening: Ensure robust system segmentation, maintain regular backups, and deploy SAP-specific security monitoring solutions to detect and respond to attacks.
Broader Context
This vulnerability is part of a series of critical security issues identified in SAP systems in recent months. For instance, in April 2025, SAP released a security update addressing multiple code injection vulnerabilities, including CVE-2025-27429, which also carried a CVSS score of 9.9. Similarly, in August 2025, SAP addressed 15 new vulnerabilities, including three critical code injection flaws affecting core SAP S/4HANA systems and the SAP Landscape Transformation platform.
The exploitation of these vulnerabilities has been linked to various threat actors. Notably, the Chinese threat actor Chaya_004 has been observed leveraging SAP vulnerabilities to deploy web shells and gain persistent access to compromised systems. Additionally, the Russian Ransomware-as-a-Service group Qilin exploited SAP zero-day vulnerabilities weeks before their public disclosure, demonstrating the increasing sophistication of cybercriminals targeting SAP environments.
Conclusion
The active exploitation of CVE-2025-42957 underscores the critical importance of timely patching and robust security practices for organizations using SAP S/4HANA. Given the potential for complete system compromise and the severe consequences that can follow, it is imperative for organizations to implement the recommended mitigation strategies promptly.
