Platform
sap
Component
sap-s-4hana
Fixed in
4.0.1
103.0.1
104.0.1
105.0.1
106.0.1
107.0.1
108.0.1
CVE-2025-42957 represents a critical vulnerability within SAP S/4HANA 102. This flaw allows an attacker possessing user privileges to inject arbitrary ABAP code through a function module exposed via RFC, effectively bypassing authorization controls. Successful exploitation can lead to complete system compromise, impacting the confidentiality, integrity, and availability of the system. The vulnerability was published on August 12, 2025, and a patch is required to remediate the risk.
The impact of CVE-2025-42957 is severe. An attacker who successfully exploits this vulnerability gains the ability to execute arbitrary ABAP code within the SAP S/4HANA system. This effectively creates a backdoor, granting them complete control over the system's functionality. They can potentially access sensitive data, modify critical business processes, and even delete or corrupt data. The ability to bypass authorization checks means that even users with limited privileges could potentially escalate their access and compromise the entire system. This vulnerability shares similarities with other code injection flaws that have led to significant data breaches and operational disruptions in enterprise environments.
CVE-2025-42957 is a high-priority vulnerability due to its CRITICAL CVSS score and the potential for complete system compromise. Public proof-of-concept exploits are likely to emerge given the ease of code injection. The vulnerability was disclosed on August 12, 2025. It is reasonable to expect that threat actors will actively target SAP S/4HANA deployments to exploit this flaw. Monitor CISA KEV listings for updates.
Organizations running SAP S/4HANA 102 are at significant risk. Specifically, deployments with overly permissive RFC access controls or those lacking robust input validation are particularly vulnerable. Shared hosting environments utilizing SAP S/4HANA also face increased risk due to the potential for cross-tenant exploitation.
• linux / server:
journalctl -u saprouter -f | grep -i "rfc"
• generic web:
curl -I <rfc_endpoint> | grep -i "SAP S/4HANA"
EPSS
0.08% (24th percentile)
The primary mitigation for CVE-2025-42957 is to upgrade to a patched version of SAP S/4HANA as soon as it becomes available. Until the upgrade can be performed, consider implementing temporary workarounds. Restrict access to the vulnerable RFC function module, limiting it to only authorized users and systems. Implement strict input validation on any data passed to the function module to prevent malicious code injection. Monitor system logs for suspicious activity, particularly attempts to access or execute the vulnerable function module. After applying the upgrade, verify the fix by attempting to trigger the vulnerability using known attack vectors and confirming that the authorization checks are properly enforced.
Apply the security updates and patches that SAP provides for S/4HANA. Consult SAP note 3627998 and the SAP Security Patch Day for detailed information on the fix and the corrected versions. Ensure that all users hold only the minimum privileges needed to perform their tasks.
CVE-2025-42957 is a critical vulnerability in SAP S/4HANA 102 that allows attackers with user privileges to inject arbitrary ABAP code via RFC, potentially leading to full system compromise.
If you are running SAP S/4HANA version 102, you are potentially affected by this vulnerability. Immediate action is required to mitigate the risk.
The recommended fix is to upgrade to a patched version of SAP S/4HANA as soon as it becomes available. Until then, implement temporary workarounds like restricting RFC access.
While there is no confirmed widespread exploitation at this time, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted by attackers.
Refer to the official SAP Security Notes and Advisories on the SAP Support Portal for the latest information and guidance regarding CVE-2025-42957.