- Description: Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system.
- Source: cna@sap.com
- NVD status: Deferred
CVSS 3.1
- Type: Primary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cna@sap.com: CWE-94
- Hype score: Not currently trending
🚨 Critical (CVSS 9.9) RCE vuln in SAP Solution Manager (CVE-2025-42880) allows an authenticated attacker to execute code. We have added it as a honeypot stream into Defused TF. 🍯 This vulnerability does not have a POC yet. Let's go hunting! 👉 https://t.co/0KmalJdGuV
@DefusedCyber, 11 Dec 2025: 7244 Impressions, 10 Retweets, 63 Likes, 25 Bookmarks, 2 Replies, 1 Quote
SAP releases its December 2025 security patches: watch out for three critical vulnerabilities, including one in Solution Manager (CVE-2025-42880, CVE-2025-55754 / CVE-2025-55752, CVE-2025-42928) https://t.co/NAvVnZLUcC #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp, 11 Dec 2025: 126 Impressions, 1 Retweet, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
[CVE-2025-42880: CRITICAL] Beware! Vulnerability in SAP Solution Manager lets attackers execute malicious code, gaining full system control. Ensure input sanitation to safeguard system security! #cve, CVE-2025-42880, #cybersecurity https://t.co/AtE4Z6Xifq https://t.co/IE0LGSPOVW
@CveFindCom, 9 Dec 2025: 40 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
🚨 CRITICAL: CVE-2025-42880 in SAP Solution Manager ST 720 allows code injection via remote-enabled function modules. Patch ASAP to avoid full system compromise! 🛡️ https://t.co/mZhCCjqxnl #OffSeq #SAP #Vulnera... https://t.co/Aoijah1oC1
@offseq, 9 Dec 2025: 55 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes