Platform
sap
Component
sap-s-4hana
Opgelost in
4.0.1
103.0.1
104.0.1
105.0.1
106.0.1
107.0.1
108.0.1
CVE-2025-27429 is a critical code injection vulnerability affecting SAP S/4HANA version 102. An attacker with user privileges can exploit a flaw in a function module exposed through RFC to inject arbitrary ABAP code, effectively creating a backdoor. This allows for complete system compromise, jeopardizing the confidentiality, integrity, and availability of sensitive data and business processes. A patch is available from SAP to remediate this issue.
The impact of CVE-2025-27429 is severe. Successful exploitation allows an attacker to execute arbitrary ABAP code within the SAP S/4HANA system. This effectively grants them complete control, bypassing standard authorization mechanisms. Attackers could steal sensitive data such as financial records, customer information, and intellectual property. They could also modify data, disrupt business operations, or install persistent backdoors for future access. The ability to inject arbitrary code makes this vulnerability particularly dangerous, as it allows for a wide range of malicious activities, similar to the impact of remote code execution vulnerabilities. The system's integrity is fundamentally compromised.
CVE-2025-27429 was publicly disclosed on April 8, 2025. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been released at the time of writing, the ease of exploitation (requiring only user privileges) makes it a likely target for attackers. It is recommended to monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns. This vulnerability has not yet been added to the CISA KEV catalog.
Organizations running SAP S/4HANA version 102 are at significant risk. This includes businesses across various industries that rely on SAP for core business processes, particularly those with extensive use of RFC interfaces. Shared hosting environments or deployments with weak user privilege management are especially vulnerable.
• sap: Examine SAP system logs for unusual RFC calls or ABAP code execution patterns. Specifically, look for calls to the vulnerable function module.
zgrep -r 'vulnerable_function_module' /sap/…/log/• linux / server: Monitor system logs (e.g., /var/log/auth.log) for successful logins from unusual IP addresses or user accounts, followed by suspicious process activity.
journalctl -u saprouter | grep -i error• generic web: Monitor web server access logs for requests targeting the RFC endpoint.
curl -I <rfc_endpoint>disclosure
Exploit Status
EPSS
0.39% (60% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-27429 is to upgrade to a patched version of SAP S/4HANA as soon as possible. SAP has released a security patch to address this vulnerability. If immediate patching is not feasible, consider restricting access to the vulnerable RFC function module. Implement strict input validation on any data passed to the function module to prevent malicious code injection. Monitor system logs for suspicious activity, particularly attempts to access or execute the vulnerable function module. After applying the patch, verify the fix by attempting to trigger the vulnerability using a controlled test case and confirming that the code injection is prevented.
Aplique las actualizaciones de seguridad proporcionadas por SAP para corregir la vulnerabilidad de inyección de código. Consulte la nota SAP 3581961 para obtener instrucciones detalladas sobre cómo aplicar el parche correspondiente a su versión de SAP S/4HANA. Es crucial realizar pruebas exhaustivas en un entorno de desarrollo antes de aplicar la actualización en producción.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2025-27429 is a critical vulnerability in SAP S/4HANA 102 that allows attackers with user privileges to inject arbitrary ABAP code, potentially leading to full system compromise.
If you are running SAP S/4HANA version 102, you are potentially affected by this vulnerability. Check SAP's security notes for confirmation and remediation steps.
The recommended fix is to upgrade to a patched version of SAP S/4HANA as soon as possible. Refer to SAP's security notes for specific patch details.
While no public exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks. Continuous monitoring is crucial.
Refer to the official SAP Security Notes on the SAP Support Portal for the latest information and advisory regarding CVE-2025-27429.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.