A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.
SAP issued a patch for the 9.9-rated flaw in August. It is tracked as CVE-2025-42957, and it affects both private cloud and on-premises versions.
According to SecurityBridge Threat Research Labs, which originally spotted and disclosed the vulnerability to SAP, the team “verified actual abuse of this vulnerability.” It doesn’t appear to be widespread (yet), but the consequences of this flaw are especially severe.
“For example, SecurityBridge’s team demonstrated in a lab environment how an attacker could create a new SAP superuser account (with SAP_ALL privileges) and directly manipulate critical business data,” the researchers said in a Thursday write-up alongside a video demo of the exploit.
It’s low-complexity to exploit. The bug enables a user to inject arbitrary ABAP code into the system, thus bypassing authorization checks and essentially creating a backdoor that allows full system compromise, data theft, and operational disruption. In other words: it’s effectively game over.
[…]
Source: Critical, make-me-super-user SAP S/4HANA bug being exploited • The Register
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft