Platform
sap
Component
sap-landscape-transformation-analysis-platform
Fixed in
2011.0.1
CVE-2025-31330 represents a critical Remote Code Execution (RCE) vulnerability within the SAP Landscape Transformation (Analysis Platform). This flaw allows an authenticated attacker to inject malicious ABAP code, effectively creating a backdoor and potentially leading to complete system takeover. The vulnerability affects versions of the Analysis Platform up to and including DMIS 20111700. SAP has not yet released a patch, requiring immediate mitigation strategies.
The impact of CVE-2025-31330 is severe. Successful exploitation grants an attacker the ability to execute arbitrary code on the SAP system with the privileges of the authenticated user. This can lead to unauthorized access to sensitive data, modification of critical system configurations, and complete compromise of the SAP environment. The injection of ABAP code bypasses standard authorization checks, making it particularly dangerous. Given the critical nature of SAP systems in many organizations, this vulnerability poses a significant risk of data breaches, operational disruption, and financial loss. The ability to execute arbitrary code effectively provides the attacker with root-level access, enabling them to move laterally within the network and potentially compromise other connected systems.
CVE-2025-31330 was publicly disclosed on 2025-04-08. Its CRITICAL CVSS score indicates a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the ease of code injection and the potential for complete system compromise suggest that it is likely to become a target for attackers. The vulnerability has not yet been added to the CISA KEV catalog, but its severity warrants close monitoring. Active campaigns targeting SAP systems are common, and this vulnerability presents a particularly attractive target.
Exploit Status
EPSS
0.39% (60th percentile)
CISA SSVC
CVSS Vector
Due to the lack of a patch, immediate mitigation is crucial. The primary strategy is to restrict RFC access to the vulnerable function module: implement strict access controls so that only authorized users and systems can call it. Consider using a Web Application Firewall (WAF) or proxy to filter incoming RFC requests, blocking those containing suspicious patterns or payloads. Regularly monitor system logs for unusual activity or attempts to exploit the vulnerability. While a patch is pending, these workarounds can significantly reduce the attack surface. After implementing them, verify their effectiveness by attempting to trigger the vulnerability with a controlled test payload, ensuring that access is properly restricted.
Apply the updates and patches provided by SAP to fix the code injection vulnerability. Refer to SAP note 3587115 for detailed instructions on how to apply the fix. Restrict access to the vulnerable function to trusted users.
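The log-monitoring mitigation above is easiest to operationalise as an allowlist check over exported RFC call records: any call to the vulnerable function module from a (user, host) pair that is not on the approved list is an alert. The script below is an added example written for this page, not code from SAP or from the advisory. It assumes a simplified, constructed pipe-delimited record format (timestamp|user|source_host|function_module|rc) rather than the real SAP Security Audit Log or gateway log layout, and uses the placeholder name `Z_PLACEHOLDER_VULNERABLE_FM` because the advisory does not name the affected function module; substitute the module identified in SAP note 3587115 and your own export format.

```python
"""Flag RFC calls to a vulnerable function module from non-allowlisted callers.

Added example for this advisory page. The record format, hostnames, users and
the function module name are all constructed placeholders.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Placeholder: the advisory does not name the function module. Replace with the
# module named in SAP note 3587115.
VULN_FUNCTION_MODULE = "Z_PLACEHOLDER_VULNERABLE_FM"

# Constructed allowlist of (user, source host) pairs that legitimately call the
# module, e.g. the SLT application server's technical user.
ALLOWED_CALLERS = {
    ("LT_SERVICE", "slt-app-01.example.internal"),
}

# Constructed sample export: timestamp|user|source_host|function_module|rc.
# This is NOT the real SAP audit log format.
SAMPLE_LOG = """\
2025-04-09T08:01:12Z|LT_SERVICE|slt-app-01.example.internal|Z_PLACEHOLDER_VULNERABLE_FM|0
2025-04-09T08:02:45Z|JSMITH|10.20.30.40|RFC_PING|0
2025-04-09T08:03:10Z|JSMITH|10.20.30.40|Z_PLACEHOLDER_VULNERABLE_FM|0
2025-04-09T08:03:11Z|JSMITH|10.20.30.40|Z_PLACEHOLDER_VULNERABLE_FM|0
2025-04-09T08:05:00Z|LT_SERVICE|10.99.0.7|Z_PLACEHOLDER_VULNERABLE_FM|0
malformed line without separators
"""

LINE_RE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<user>[^|]+)\|(?P<host>[^|]+)\|(?P<fm>[^|]+)\|(?P<rc>\d+)$"
)


@dataclass(frozen=True)
class RfcCall:
    ts: str
    user: str
    host: str
    fm: str
    rc: int


def parse_log(text):
    """Parse the constructed export format; malformed lines are skipped, not fatal."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        calls.append(RfcCall(m["ts"], m["user"], m["host"], m["fm"], int(m["rc"])))
    return calls


def find_suspicious_calls(calls, vuln_fm=VULN_FUNCTION_MODULE, allowed=ALLOWED_CALLERS):
    """Return calls to the vulnerable module whose (user, host) is not allowlisted.

    A known service user calling from an unexpected host is still flagged: the
    allowlist is on the pair, so a stolen technical account does not pass.
    """
    return [c for c in calls if c.fm == vuln_fm and (c.user, c.host) not in allowed]


def summarize(suspicious):
    """Count flagged calls per (user, host) so repeated probing stands out."""
    return Counter((c.user, c.host) for c in suspicious)


if __name__ == "__main__":
    flagged = find_suspicious_calls(parse_log(SAMPLE_LOG))
    for (user, host), n in summarize(flagged).most_common():
        print(f"ALERT {user}@{host}: {n} call(s) to {VULN_FUNCTION_MODULE}")
```

Run against a real export, the same allowlist-on-the-pair logic can feed a SIEM rule: the interesting cases are the unknown user (JSMITH here) and the legitimate service user appearing from a host it never calls from, which is what the second LT_SERVICE record models.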
CVE-2025-31330 is a critical Remote Code Execution vulnerability in SAP Landscape Transformation (Analysis Platform) versions up to DMIS 20111700, allowing attackers to inject ABAP code and potentially compromise the entire system.
You are affected if you are using SAP Landscape Transformation (Analysis Platform) version DMIS 20111700 or earlier. Immediate mitigation steps are required.
A patch is currently unavailable. Mitigate by restricting RFC access to the vulnerable function module, implementing WAF rules, and monitoring system logs.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a high likelihood of active exploitation.
Refer to the official SAP Security Notes for the latest information and updates regarding CVE-2025-31330: [https://www.sap.com/security/bulletins.html](https://www.sap.com/security/bulletins.html)