Platform
sap
Component
sap-solution-manager
Fixed in
720.0.1
CVE-2025-42880 describes a critical remote code execution (RCE) vulnerability affecting SAP Solution Manager versions 720–ST 720. The vulnerability stems from insufficient input sanitization when calling remote-enabled function modules, enabling an authenticated attacker to inject and execute malicious code. Successful exploitation could lead to complete system compromise, impacting confidentiality, integrity, and availability. A patch is available from SAP to remediate this issue.
The impact of CVE-2025-42880 is severe. An authenticated attacker can leverage this vulnerability to execute arbitrary code on the SAP Solution Manager server. This grants them complete control over the system, allowing for data exfiltration, modification, or deletion. The attacker could also establish a persistent presence, pivoting to other systems within the network. Given SAP Solution Manager's role in managing and monitoring other SAP systems, a successful attack could have a cascading effect, impacting numerous critical business processes and potentially leading to widespread disruption. This vulnerability shares similarities with other function module injection flaws where lack of proper input validation allows for code execution.
CVE-2025-42880 is a high-priority vulnerability due to its CRITICAL CVSS score and potential for complete system compromise. Public proof-of-concept exploits are not yet widely available, but the vulnerability's ease of exploitation makes it a likely target for attackers. It was published on 2025-12-09. Monitor security advisories and threat intelligence feeds for any indications of active exploitation. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Exploit Status
EPSS
0.10% (27% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-42880 is to upgrade to a patched version of SAP Solution Manager as soon as possible. SAP has released a security note detailing the fix. If immediate patching is not feasible, consider implementing temporary workarounds such as restricting access to the vulnerable function modules to trusted users only. Network segmentation can also limit the potential blast radius of an attack. Implement strict input validation on all user-supplied data passed to function modules. Monitor system logs for suspicious activity related to function module calls, specifically looking for unusual code execution patterns. After upgrade, confirm by verifying the version number and reviewing SAP security notes for confirmation.
Apply the security updates provided by SAP to resolve the code injection vulnerability. Refer to SAP Note 3685270 for more details and specific instructions on how to apply the corresponding patch.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-42880 is a critical remote code execution vulnerability in SAP Solution Manager 720, allowing authenticated attackers to inject malicious code and potentially gain full system control.
If you are running SAP Solution Manager version 720–ST 720, you are potentially affected by this vulnerability. Check SAP security notes for specific affected components.
The recommended fix is to upgrade to a patched version of SAP Solution Manager as detailed in the official SAP security note. Implement temporary workarounds if immediate patching is not possible.
While public exploits are not widely available, the vulnerability's severity and ease of exploitation suggest it is a likely target for attackers. Monitor threat intelligence feeds for updates.
Refer to the official SAP Security Notes published on the SAP Support Portal for detailed information and remediation steps.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.