Plattform
sap
Komponente
sap-solution-manager
Behoben in
720.0.1
CVE-2025-42880 describes a critical remote code execution (RCE) vulnerability affecting SAP Solution Manager versions 720–ST 720. The vulnerability stems from insufficient input sanitization when calling remote-enabled function modules, enabling an authenticated attacker to inject and execute malicious code. Successful exploitation could lead to complete system compromise, impacting confidentiality, integrity, and availability. A patch is available from SAP to remediate this issue.
The impact of CVE-2025-42880 is severe. An authenticated attacker can leverage this vulnerability to execute arbitrary code on the SAP Solution Manager server. This grants them complete control over the system, allowing for data exfiltration, modification, or deletion. The attacker could also establish a persistent presence, pivoting to other systems within the network. Given SAP Solution Manager's role in managing and monitoring other SAP systems, a successful attack could have a cascading effect, impacting numerous critical business processes and potentially leading to widespread disruption. This vulnerability shares similarities with other function module injection flaws where lack of proper input validation allows for code execution.
CVE-2025-42880 is a high-priority vulnerability due to its CRITICAL CVSS score and potential for complete system compromise. Public proof-of-concept exploits are not yet widely available, but the vulnerability's ease of exploitation makes it a likely target for attackers. It was published on 2025-12-09. Monitor security advisories and threat intelligence feeds for any indications of active exploitation. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Organizations heavily reliant on SAP Solution Manager for system administration and monitoring are particularly at risk. Environments with weak authentication controls or inadequate network segmentation are also more vulnerable. Companies using SAP Solution Manager to manage critical business applications should prioritize patching this vulnerability.
• java / server:
grep -r "remote-enabled function module" /opt/sap/solution_manager/java/bin/• java / server:
journalctl -u sapcontrol -f | grep "Function Module Call"• generic web: Review SAP Solution Manager access logs for unusual function module calls originating from unexpected sources. • generic web: Monitor SAP Solution Manager system logs for errors or warnings related to input validation failures.
disclosure
Exploit-Status
EPSS
0.10% (27% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-42880 is to upgrade to a patched version of SAP Solution Manager as soon as possible. SAP has released a security note detailing the fix. If immediate patching is not feasible, consider implementing temporary workarounds such as restricting access to the vulnerable function modules to trusted users only. Network segmentation can also limit the potential blast radius of an attack. Implement strict input validation on all user-supplied data passed to function modules. Monitor system logs for suspicious activity related to function module calls, specifically looking for unusual code execution patterns. After upgrade, confirm by verifying the version number and reviewing SAP security notes for confirmation.
Aplicar las actualizaciones de seguridad proporcionadas por SAP para solucionar la vulnerabilidad de inyección de código. Consulte la nota SAP 3685270 para obtener más detalles e instrucciones específicas sobre cómo aplicar el parche correspondiente.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-42880 is a critical remote code execution vulnerability in SAP Solution Manager 720, allowing authenticated attackers to inject malicious code and potentially gain full system control.
If you are running SAP Solution Manager version 720–ST 720, you are potentially affected by this vulnerability. Check SAP security notes for specific affected components.
The recommended fix is to upgrade to a patched version of SAP Solution Manager as detailed in the official SAP security note. Implement temporary workarounds if immediate patching is not possible.
While public exploits are not widely available, the vulnerability's severity and ease of exploitation suggest it is a likely target for attackers. Monitor threat intelligence feeds for updates.
Refer to the official SAP Security Notes published on the SAP Support Portal for detailed information and remediation steps.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.