CVE-2025-27429

Published Apr 8, 2025

Last updated 3 months ago

Overview

Description
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
Source: cna@sap.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cna@sap.com
CWE-94

Social media

Hype score
Not currently trending
  1. Actively exploited CVE : CVE-2025-27429

    @transilienceai

    12 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. This week's major security updates: Fortinet patched a critical FortiSwitch flaw (CVE-2024-48887, 9.8 CVSS), WhatsApp fixed a malware trick (CVE-2025-30401), SAP addressed code injection (CVE-2025-27429, CVE-2025-31330) & auth bypass (CVE-2025-30016).

    @CyberWatch_News

    10 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-27429 ⚠️🔴 CRITICAL (9.9) 🏢 SAP_SE - SAP S/4HANA (Private Cloud) 🏗️ S4CORE 102 🔗 https://t.co/kbajbI2MrH 🔗 https://t.co/f5sXJgkGmG #CyberCron #VulnAlert #InfoSec https://t.co/ydOmov9kMl

    @cybercronai

    8 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. SAP Security Patch Day ・SAP S/4HANA code injection vulnerability (CVSS score 9.9) CVE-2025-27429 ・Authentication bypass in SAP Financial Consolidation (CVSS 9.8) CVE-2025-30016 Get the updates here 👉 https://t.co/mzKwolYQQr

    @t_nihonmatsu

    8 Apr 2025

    214 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-27429 - SAP S/4HANA - HIGH 🚨 🗓️ Date published 2025-04-08 08:15:16 UTC #SAPS/4HANA #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/ZxOtGbodIF

    @vulns_space

    8 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-27429 SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary AB… https://t.co/NYJrb8BOWE

    @CVEnew

    8 Apr 2025

    167 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes
