Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)
翻訳中…プラットフォーム
sap
コンポーネント
sap-landscape-transformation-analysis-platform
修正版
2011.0.1
2011.0.1
2011.0.1
2011.0.1
CVE-2025-31330 represents a critical Remote Code Execution (RCE) vulnerability within the SAP Landscape Transformation (Analysis Platform). This flaw allows an authenticated attacker to inject malicious ABAP code, effectively creating a backdoor and potentially leading to complete system takeover. The vulnerability affects versions of the Analysis Platform up to and including DMIS 20111700. SAP has not yet released a patch, requiring immediate mitigation strategies.
影響と攻撃シナリオ翻訳中…
The impact of CVE-2025-31330 is severe. Successful exploitation grants an attacker the ability to execute arbitrary code on the SAP system with the privileges of the authenticated user. This can lead to unauthorized access to sensitive data, modification of critical system configurations, and complete compromise of the SAP environment. The injection of ABAP code bypasses standard authorization checks, making it particularly dangerous. Given the critical nature of SAP systems in many organizations, this vulnerability poses a significant risk of data breaches, operational disruption, and financial loss. The ability to execute arbitrary code effectively provides the attacker with root-level access, enabling them to move laterally within the network and potentially compromise other connected systems.
悪用の状況翻訳中…
CVE-2025-31330 was publicly disclosed on 2025-04-08. Its CRITICAL CVSS score indicates a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the ease of code injection and the potential for complete system compromise suggest that it is likely to become a target for attackers. The vulnerability has not yet been added to the CISA KEV catalog, but its severity warrants close monitoring. Active campaigns targeting SAP systems are common, and this vulnerability presents a particularly attractive target.
リスク対象者翻訳中…
Organizations heavily reliant on SAP systems for critical business processes are at significant risk. Specifically, deployments utilizing older versions of the Analysis Platform (≤DMIS 20111700) are particularly vulnerable. Companies with limited security resources or those lacking robust access control policies are also at increased risk, as they may struggle to implement the necessary mitigations effectively.
検出手順翻訳中…
• linux / server:
journalctl -u saprouter -f | grep -i "RFC_CALL_FUNCTION"• generic web:
curl -I <SAP_RFC_ENDPOINT>• database (mysql, redis, mongodb, postgresql): N/A - This vulnerability does not directly affect databases. • windows / supply-chain: N/A - This vulnerability does not directly affect Windows systems. • wordpress / composer / npm: N/A - This vulnerability does not directly affect WordPress or related components.
攻撃タイムライン
- Disclosure
disclosure
脅威インテリジェンス
エクスプロイト状況
EPSS
0.39% (60% パーセンタイル)
CISA SSVC
CVSS ベクトル
これらのメトリクスの意味は?
- Attack Vector
- ネットワーク — インターネット経由でリモートから悪用可能。物理・ローカルアクセス不要。
- Attack Complexity
- 低 — 特別な条件不要。安定して悪用可能。
- Privileges Required
- 低 — 有効なユーザーアカウントがあれば十分。
- User Interaction
- なし — 自動かつ無音の攻撃。被害者は何もしない。
- Scope
- 変化あり — 攻撃が脆弱なコンポーネントを超えて他のシステムに波及可能。
- Confidentiality
- 高 — 機密性の完全喪失。全データが読み取り可能。
- Integrity
- 高 — 任意のデータの書き込み・変更・削除が可能。
- Availability
- 高 — 完全なクラッシュまたはリソース枯渇。完全なサービス拒否。
影響を受けるソフトウェア
弱点分類 (CWE)
タイムライン
- 予約済み
- 公開日
- 更新日
- EPSS 更新日
緩和策と回避策翻訳中…
Due to the lack of a patch, immediate mitigation is crucial. The primary strategy involves restricting RFC access to the vulnerable function module. Implement strict access controls, limiting access to only authorized users and systems. Consider using a Web Application Firewall (WAF) or proxy to filter incoming RFC requests, blocking those containing suspicious patterns or payloads. Regularly monitor system logs for unusual activity or attempts to exploit the vulnerability. While a patch is pending, implementing these workarounds can significantly reduce the attack surface. After implementing these mitigations, verify their effectiveness by attempting to trigger the vulnerability with a controlled test payload, ensuring that access is properly restricted.
修正方法翻訳中…
Aplique las actualizaciones y parches proporcionados por SAP para corregir la vulnerabilidad de inyección de código. Consulte la nota SAP 3587115 para obtener instrucciones detalladas sobre cómo aplicar la solución. Restrinja el acceso a la función vulnerable a usuarios de confianza.
CVEセキュリティニュースレター
脆弱性分析と重要アラートをメールでお届けします。
よくある質問翻訳中…
What is CVE-2025-31330 — RCE in SAP Landscape Transformation Analysis Platform?
CVE-2025-31330 is a critical Remote Code Execution vulnerability in SAP Landscape Transformation (Analysis Platform) versions up to DMIS 20111700, allowing attackers to inject ABAP code and potentially compromise the entire system.
Am I affected by CVE-2025-31330 in SAP Landscape Transformation Analysis Platform?
You are affected if you are using SAP Landscape Transformation (Analysis Platform) version DMIS 20111700 or earlier. Immediate mitigation steps are required.
How do I fix CVE-2025-31330 in SAP Landscape Transformation Analysis Platform?
A patch is currently unavailable. Mitigate by restricting RFC access to the vulnerable function module, implementing WAF rules, and monitoring system logs.
Is CVE-2025-31330 being actively exploited?
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a high likelihood of active exploitation.
Where can I find the official SAP advisory for CVE-2025-31330?
Refer to the official SAP Security Notes for the latest information and updates regarding CVE-2025-31330: [https://www.sap.com/security/bulletins.html](https://www.sap.com/security/bulletins.html)