Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
翻訳中…プラットフォーム
sap
コンポーネント
sap-s-4hana
修正版
4.0.1
103.0.1
104.0.1
105.0.1
106.0.1
107.0.1
108.0.1
CVE-2025-27429 is a critical code injection vulnerability affecting SAP S/4HANA version 102. An attacker with user privileges can exploit a flaw in a function module exposed through RFC to inject arbitrary ABAP code, effectively creating a backdoor. This allows for complete system compromise, jeopardizing the confidentiality, integrity, and availability of sensitive data and business processes. A patch is available from SAP to remediate this issue.
影響と攻撃シナリオ翻訳中…
The impact of CVE-2025-27429 is severe. Successful exploitation allows an attacker to execute arbitrary ABAP code within the SAP S/4HANA system. This effectively grants them complete control, bypassing standard authorization mechanisms. Attackers could steal sensitive data such as financial records, customer information, and intellectual property. They could also modify data, disrupt business operations, or install persistent backdoors for future access. The ability to inject arbitrary code makes this vulnerability particularly dangerous, as it allows for a wide range of malicious activities, similar to the impact of remote code execution vulnerabilities. The system's integrity is fundamentally compromised.
悪用の状況翻訳中…
CVE-2025-27429 was publicly disclosed on April 8, 2025. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been released at the time of writing, the ease of exploitation (requiring only user privileges) makes it a likely target for attackers. It is recommended to monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns. This vulnerability has not yet been added to the CISA KEV catalog.
リスク対象者翻訳中…
Organizations running SAP S/4HANA version 102 are at significant risk. This includes businesses across various industries that rely on SAP for core business processes, particularly those with extensive use of RFC interfaces. Shared hosting environments or deployments with weak user privilege management are especially vulnerable.
検出手順翻訳中…
• sap: Examine SAP system logs for unusual RFC calls or ABAP code execution patterns. Specifically, look for calls to the vulnerable function module.
zgrep -r 'vulnerable_function_module' /sap/…/log/• linux / server: Monitor system logs (e.g., /var/log/auth.log) for successful logins from unusual IP addresses or user accounts, followed by suspicious process activity.
journalctl -u saprouter | grep -i error• generic web: Monitor web server access logs for requests targeting the RFC endpoint.
curl -I <rfc_endpoint>攻撃タイムライン
- Disclosure
disclosure
脅威インテリジェンス
エクスプロイト状況
EPSS
0.39% (60% パーセンタイル)
CISA SSVC
CVSS ベクトル
これらのメトリクスの意味は?
- Attack Vector
- ネットワーク — インターネット経由でリモートから悪用可能。物理・ローカルアクセス不要。
- Attack Complexity
- 低 — 特別な条件不要。安定して悪用可能。
- Privileges Required
- 低 — 有効なユーザーアカウントがあれば十分。
- User Interaction
- なし — 自動かつ無音の攻撃。被害者は何もしない。
- Scope
- 変化あり — 攻撃が脆弱なコンポーネントを超えて他のシステムに波及可能。
- Confidentiality
- 高 — 機密性の完全喪失。全データが読み取り可能。
- Integrity
- 高 — 任意のデータの書き込み・変更・削除が可能。
- Availability
- 高 — 完全なクラッシュまたはリソース枯渇。完全なサービス拒否。
影響を受けるソフトウェア
弱点分類 (CWE)
タイムライン
- 予約済み
- 公開日
- 更新日
- EPSS 更新日
緩和策と回避策翻訳中…
The primary mitigation for CVE-2025-27429 is to upgrade to a patched version of SAP S/4HANA as soon as possible. SAP has released a security patch to address this vulnerability. If immediate patching is not feasible, consider restricting access to the vulnerable RFC function module. Implement strict input validation on any data passed to the function module to prevent malicious code injection. Monitor system logs for suspicious activity, particularly attempts to access or execute the vulnerable function module. After applying the patch, verify the fix by attempting to trigger the vulnerability using a controlled test case and confirming that the code injection is prevented.
修正方法翻訳中…
Aplique las actualizaciones de seguridad proporcionadas por SAP para corregir la vulnerabilidad de inyección de código. Consulte la nota SAP 3581961 para obtener instrucciones detalladas sobre cómo aplicar el parche correspondiente a su versión de SAP S/4HANA. Es crucial realizar pruebas exhaustivas en un entorno de desarrollo antes de aplicar la actualización en producción.
CVEセキュリティニュースレター
脆弱性分析と重要アラートをメールでお届けします。
よくある質問翻訳中…
What is CVE-2025-27429 — Code Injection in SAP S/4HANA?
CVE-2025-27429 is a critical vulnerability in SAP S/4HANA 102 that allows attackers with user privileges to inject arbitrary ABAP code, potentially leading to full system compromise.
Am I affected by CVE-2025-27429 in SAP S/4HANA?
If you are running SAP S/4HANA version 102, you are potentially affected by this vulnerability. Check SAP's security notes for confirmation and remediation steps.
How do I fix CVE-2025-27429 in SAP S/4HANA?
The recommended fix is to upgrade to a patched version of SAP S/4HANA as soon as possible. Refer to SAP's security notes for specific patch details.
Is CVE-2025-27429 being actively exploited?
While no public exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks. Continuous monitoring is crucial.
Where can I find the official SAP advisory for CVE-2025-27429?
Refer to the official SAP Security Notes on the SAP Support Portal for the latest information and advisory regarding CVE-2025-27429.