平台
sap
组件
sap-s-4hana-and-sap-scm-characteristic-propagation
修复版本
713.0.1
714.0.1
4.0.1
103.0.1
104.0.1
4.0.1
106.0.1
107.0.1
108.0.1
700.0.1
701.0.1
702.0.1
712.0.1
CVE-2025-42967 describes a remote code execution (RCE) vulnerability within the Characteristic Propagation component of SAP S/4HANA and SAP SCM. This vulnerability allows an attacker with user-level privileges to inject malicious code into a newly created report, potentially leading to complete system compromise. The vulnerability affects versions of SAP SCM and S/4HANA up to and including SCM APO 713. A patch is available to address this critical security flaw.
The impact of CVE-2025-42967 is severe. Successful exploitation allows an attacker to execute arbitrary code on the affected SAP system with user privileges. This can lead to complete system takeover, enabling the attacker to access, modify, or delete sensitive data, install malware, or disrupt critical business operations. The ability to create a custom report with malicious code provides a highly effective attack vector, bypassing standard security controls. Given the widespread use of SAP systems in critical infrastructure and enterprise environments, the potential blast radius of this vulnerability is significant. This vulnerability shares similarities with other SAP RCE vulnerabilities where report customization features are exploited to gain unauthorized access and control.
CVE-2025-42967 was publicly disclosed on 2025-07-08. Its CVSS score of 9.9 (CRITICAL) indicates a high probability of exploitation. Public proof-of-concept (POC) code may become available, increasing the risk of widespread attacks. It is recommended to prioritize patching this vulnerability. The vulnerability has not yet been added to the CISA KEV catalog, but its criticality warrants close monitoring.
Organizations heavily reliant on SAP S/4HANA and SAP SCM for critical business processes are at significant risk. This includes industries such as manufacturing, finance, and supply chain management. Systems with legacy configurations or those lacking robust access controls are particularly vulnerable. Shared hosting environments utilizing older SAP versions also present a heightened risk.
• linux / server:
journalctl -u <sap_service_name> | grep -i "characteristic propagation"• generic web:
curl -I <sap_url>/sap/bc/ui2/ui2/browser?sap-client=<client_id>&fiori=/sap/ui2/view/main.html• database (mysql):
SELECT * FROM <sap_tables> WHERE <column_name> LIKE '%characteristic propagation%';disclosure
漏洞利用状态
EPSS
0.73% (73% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2025-42967 is to upgrade to a patched version of SAP S/4HANA and SAP SCM. Refer to the official SAP security note for the specific fixed version. If immediate patching is not possible, consider implementing temporary workarounds such as restricting user privileges related to report creation and modification. Implement strict input validation on any user-supplied data used in report generation. Monitor SAP system logs for suspicious activity related to report creation and execution. After upgrading, confirm the fix by attempting to create a report with potentially malicious code and verifying that the system prevents its execution.
通过相应的安全提示应用 SAP 提供的更新以缓解代码注入漏洞。 详情和具体说明请参阅 SAP 提示 3618955。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2025-42967 is a critical remote code execution vulnerability affecting SAP S/4HANA and SAP SCM versions up to SCM APO 713. It allows attackers with user privileges to execute arbitrary code, potentially gaining full system control.
If you are running SAP S/4HANA or SAP SCM versions up to and including SCM APO 713, you are potentially affected by this vulnerability. Check your version against the affected range.
The recommended fix is to upgrade to a patched version of SAP S/4HANA and SAP SCM. Refer to the official SAP security note for the specific fixed version and upgrade instructions.
While active exploitation has not been confirmed, the vulnerability's criticality and public disclosure suggest a high likelihood of exploitation. Proactive patching is strongly recommended.
Refer to the official SAP Security Notes on the SAP Support Portal for the latest information and advisory regarding CVE-2025-42967.
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。