
Researchers have warned that a critical SAP S/4HANA code injection vulnerability is being exploited in the wild to take over exposed servers.
The flaw, tracked as CVE-2025-42957, is an ABAP code injection issue in an RFC-exposed function module of SAP S/4HANA. It allows low-privileged authenticated users to inject arbitrary ABAP code, bypass authorization checks, and fully compromise the SAP system.
The vendor disclosed it on August 11, 2025, with a critical severity rating (CVSS score: 9.9).
However, many systems have not yet applied the available security updates, and these are now being targeted by attackers who have weaponized the bug.
According to a report by SecurityBridge, CVE-2025-42957 is now under active, though limited, exploitation in the wild.
SecurityBridge said it discovered the vulnerability and responsibly reported it to SAP on June 27, 2025, and also assisted in developing the patch.
However, because the affected components are open to inspection and the patch can be reverse engineered, it is trivial for skilled, knowledgeable threat actors to develop their own exploit.
“While widespread exploitation has not yet been reported, SecurityBridge has verified actual abuse of this vulnerability,” reads the SecurityBridge report.
“This means attackers already know how to use it to compromise unpatched SAP systems.”
“In addition, reverse engineering the patch to create an exploit is relatively easy, as the ABAP code is open for everyone to see.”
The security firm warned that the possible impacts of CVE-2025-42957 exploitation include data theft, data manipulation, code injection, backdoor accounts, credential theft, and operational disruption through malware, ransomware, or other means.
SecurityBridge published a video demonstrating how the vulnerability can be exploited to run a system command on the SAP server.
https://www.youtube.com/watch?v=Snsayb7SMM
SAP administrators who have not yet applied the August 2025 Patch Day update should do so as soon as possible.
The affected products and versions are:
- S/4HANA (Private Cloud or On-Premise), versions S4CORE 102, 103, 104, 105, 106, 107, 108
- Landscape Transformation (Analysis Platform), DMIS versions 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
- Business One (SLD), versions B1_ON_HANA 10.0 and SAP-M-BO 10.0
- NetWeaver Application Server ABAP (BIC Document), versions S4COREOP 104, 105, 106, 107, 108, SEM-BW 600, 602, 603, 604, 605, 634, 736, 746, 747, 748
A bulletin with more information about the recommended actions is available from SAP, but it can only be viewed by SAP customers with an account.
BleepingComputer contacted SAP and SecurityBridge to ask how CVE-2025-42957 is being exploited, but we are still waiting for a response.