Platform
sap
Component
sap-s-4hana
Fixed in
4.0.1
103.0.1
104.0.1
105.0.1
106.0.1
107.0.1
108.0.1
CVE-2025-27429 is a critical code injection vulnerability affecting SAP S/4HANA version 102. An attacker with user privileges can exploit a flaw in a function module exposed through RFC to inject arbitrary ABAP code, effectively creating a backdoor. This allows for complete system compromise, jeopardizing the confidentiality, integrity, and availability of sensitive data and business processes. A patch is available from SAP to remediate this issue.
The impact of CVE-2025-27429 is severe. Successful exploitation allows an attacker to execute arbitrary ABAP code within the SAP S/4HANA system. This effectively grants them complete control, bypassing standard authorization mechanisms. Attackers could steal sensitive data such as financial records, customer information, and intellectual property. They could also modify data, disrupt business operations, or install persistent backdoors for future access. The ability to inject arbitrary code makes this vulnerability particularly dangerous, as it allows for a wide range of malicious activities, similar to the impact of remote code execution vulnerabilities. The system's integrity is fundamentally compromised.
CVE-2025-27429 was publicly disclosed on April 8, 2025. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been released at the time of writing, the ease of exploitation (requiring only user privileges) makes it a likely target for attackers. It is recommended to monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns. This vulnerability has not yet been added to the CISA KEV catalog.
Exploit Status
EPSS
0.39% (60% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-27429 is to upgrade to a patched version of SAP S/4HANA as soon as possible. SAP has released a security patch to address this vulnerability. If immediate patching is not feasible, consider restricting access to the vulnerable RFC function module. Implement strict input validation on any data passed to the function module to prevent malicious code injection. Monitor system logs for suspicious activity, particularly attempts to access or execute the vulnerable function module. After applying the patch, verify the fix by attempting to trigger the vulnerability using a controlled test case and confirming that the code injection is prevented.
Apply the security updates provided by SAP to correct the code injection vulnerability. Refer to SAP Note 3581961 for detailed instructions on applying the patch relevant to your SAP S/4HANA version. It is crucial to perform thorough testing in a development environment before applying the update in production.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-27429 is a critical vulnerability in SAP S/4HANA 102 that allows attackers with user privileges to inject arbitrary ABAP code, potentially leading to full system compromise.
If you are running SAP S/4HANA version 102, you are potentially affected by this vulnerability. Check SAP's security notes for confirmation and remediation steps.
The recommended fix is to upgrade to a patched version of SAP S/4HANA as soon as possible. Refer to SAP's security notes for specific patch details.
While no public exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks. Continuous monitoring is crucial.
Refer to the official SAP Security Notes on the SAP Support Portal for the latest information and advisory regarding CVE-2025-27429.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.