September 12, 2025
By esentry Team

CVE-2025-42957: Critical Vulnerability in SAP S/4HANA Under Active Exploitation

A critical vulnerability (CVE-2025-42957) has been discovered in several SAP products, including SAP S/4HANA, a platform widely relied upon by global enterprises for finance, supply chain, and business operations. This flaw is especially dangerous because successful exploitation gives an attacker full control of the system.

Active Exploitation Confirmed

  • It has been confirmed that hackers are already exploiting the flaw.
  • Attackers only need a low-level user account to get started.
  • Once inside, they can bypass security checks, inject malicious code, and escalate to administrator-level control.

A successful attack could allow threat actors to:

  • Steal or manipulate sensitive data
  • Insert hidden backdoors
  • Disrupt core business operations
  • Deploy ransomware across the SAP environment

Given that SAP S/4HANA is mission-critical for many organizations, the risks include severe operational and financial consequences.

Affected Versions

The flaw impacts SAP S/4HANA (Private Cloud or On-Premise) systems running S4CORE versions 102–108.

Patches Released

  • SAP Note 3627998 – For S/4HANA
  • SAP Note 3633838 – For SAP Landscape Transformation

Recommendations

  • Apply SAP’s August 2025 security patches immediately
  • Monitor systems for unusual or unauthorized activity
  • Strengthen access controls and review security logs
  • Ensure incident response teams are prepared for potential exploitation attempts