Plateforme
sap
Composant
sap-landscape-transformation-analysis-platform
Corrigé dans
2011.0.1
2011.0.1
2011.0.1
2011.0.1
CVE-2025-31330 represents a critical Remote Code Execution (RCE) vulnerability within the SAP Landscape Transformation (Analysis Platform). This flaw allows an authenticated attacker to inject malicious ABAP code, effectively creating a backdoor and potentially leading to complete system takeover. The vulnerability affects versions of the Analysis Platform up to and including DMIS 20111700. SAP has not yet released a patch, requiring immediate mitigation strategies.
The impact of CVE-2025-31330 is severe. Successful exploitation grants an attacker the ability to execute arbitrary code on the SAP system with the privileges of the authenticated user. This can lead to unauthorized access to sensitive data, modification of critical system configurations, and complete compromise of the SAP environment. The injection of ABAP code bypasses standard authorization checks, making it particularly dangerous. Given the critical nature of SAP systems in many organizations, this vulnerability poses a significant risk of data breaches, operational disruption, and financial loss. The ability to execute arbitrary code effectively provides the attacker with root-level access, enabling them to move laterally within the network and potentially compromise other connected systems.
CVE-2025-31330 was publicly disclosed on 2025-04-08. Its CRITICAL CVSS score indicates a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the ease of code injection and the potential for complete system compromise suggest that it is likely to become a target for attackers. The vulnerability has not yet been added to the CISA KEV catalog, but its severity warrants close monitoring. Active campaigns targeting SAP systems are common, and this vulnerability presents a particularly attractive target.
Organizations heavily reliant on SAP systems for critical business processes are at significant risk. Specifically, deployments utilizing older versions of the Analysis Platform (≤DMIS 20111700) are particularly vulnerable. Companies with limited security resources or those lacking robust access control policies are also at increased risk, as they may struggle to implement the necessary mitigations effectively.
• linux / server:
journalctl -u saprouter -f | grep -i "RFC_CALL_FUNCTION"• generic web:
curl -I <SAP_RFC_ENDPOINT>• database (mysql, redis, mongodb, postgresql): N/A - This vulnerability does not directly affect databases. • windows / supply-chain: N/A - This vulnerability does not directly affect Windows systems. • wordpress / composer / npm: N/A - This vulnerability does not directly affect WordPress or related components.
disclosure
Statut de l'Exploit
EPSS
0.39% (percentile 60%)
CISA SSVC
Vecteur CVSS
Due to the lack of a patch, immediate mitigation is crucial. The primary strategy involves restricting RFC access to the vulnerable function module. Implement strict access controls, limiting access to only authorized users and systems. Consider using a Web Application Firewall (WAF) or proxy to filter incoming RFC requests, blocking those containing suspicious patterns or payloads. Regularly monitor system logs for unusual activity or attempts to exploit the vulnerability. While a patch is pending, implementing these workarounds can significantly reduce the attack surface. After implementing these mitigations, verify their effectiveness by attempting to trigger the vulnerability with a controlled test payload, ensuring that access is properly restricted.
Aplique las actualizaciones y parches proporcionados por SAP para corregir la vulnerabilidad de inyección de código. Consulte la nota SAP 3587115 para obtener instrucciones detalladas sobre cómo aplicar la solución. Restrinja el acceso a la función vulnerable a usuarios de confianza.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-31330 is a critical Remote Code Execution vulnerability in SAP Landscape Transformation (Analysis Platform) versions up to DMIS 20111700, allowing attackers to inject ABAP code and potentially compromise the entire system.
You are affected if you are using SAP Landscape Transformation (Analysis Platform) version DMIS 20111700 or earlier. Immediate mitigation steps are required.
A patch is currently unavailable. Mitigate by restricting RFC access to the vulnerable function module, implementing WAF rules, and monitoring system logs.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a high likelihood of active exploitation.
Refer to the official SAP Security Notes for the latest information and updates regarding CVE-2025-31330: [https://www.sap.com/security/bulletins.html](https://www.sap.com/security/bulletins.html)
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.