Exploitation of CVE-2025-42957 in SAP S/4HANA

Summary

Successful exploitation could allow a remote attacker with user privileges to inject ABAP code into the system.


Affected platforms

The following platforms are known to be affected:

Threat details

Exploitation of CVE-2025-42957

CVE-2025-42957 has been observed being exploited in the wild. The NHS England National CSOC assesses further exploitation as likely.


Introduction

In August, SAP released a security update for S/4HANA to address a critical vulnerability which, if exploited, could lead to arbitrary code injection.

  • CVE-2025-42957 - Arbitrary Code Injection Vulnerability - CVSSv3 score: 9.9

Remediation advice

Affected organisations are encouraged to review SAP Security Note 3627998 and apply the relevant updates as soon as possible.


Definitive source of threat updates


Last edited: 8 September 2025 11:42 am