CVE-2025-42887

Published Nov 11, 2025

Last updated 13 days ago

Overview

Description
Due to missing input sanitization, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system, hence leading to high impact on confidentiality, integrity and availability of the system.
Source: cna@sap.com
NVD status: Deferred

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cna@sap.com: CWE-94

Social media

Hype score
Not currently trending
  1. CVE-2025-42887: How Missing Sanitization in RFC-Enabled Modules Grants Unauthenticated Root on SAP SolMan Read the full report on - https://t.co/aJ8tbHIDKX https://t.co/nZ8By51fW1

    @cyberbivash

    15 Jan 2026

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-42887 (CVSS:9.9, CRITICAL) is Awaiting Analysis. Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when cal..https://t.co/zt6pu3p3dA #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    16 Nov 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Major warning for SAP users: they patched a CVE-2025-42887 bug in SAP Solution Manager, unauthenticated attackers could inject code & fully take over systems. If you're running SAP in your org, get this fixed now. (Source:https://t.co/jdFVMR8Fmi) #infosec #SAP #cybersecurit

    @TechTal3s

    14 Nov 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️Vulnerabilities in SAP products ❗CVE-2025-42890 ❗CVE-2025-42944 ❗CVE-2025-42887 ➡️More info: https://t.co/YEezsg2cT3 https://t.co/tGhhWUgkEE

    @CERTpy

    14 Nov 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-42887: SAP Solution Manager remote function code injection (CVSS 9.9). Missing input sanitation in ABAP = authenticated attackers running arbitrary code in SAP backend. Patch: https://t.co/MDVM1XiNE9

    @gothburz

    13 Nov 2025

    115 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. SAP fixes 20 issues, including 2 critical, in its November monthly patch - (CVE-2025-4289,CVE-2025-42887) https://t.co/6CG8m6xtpk #izumino_trend

    @sec_trend

    13 Nov 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. SAP fixes 20 issues, including 2 critical, in its November monthly patch - (CVE-2025-4289,CVE-2025-42887) https://t.co/Qs8Hm7d2NY #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    12 Nov 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🔴 CVE-2025-42890 - SAP SQL Anywhere Monitor Hardcoded Creds RCE SAP's monitoring tool shipped with hardcoded credentials enabling unauthenticated RCE—rated CVSS 10.0. What's brutal: CVE-2025-42890 is the marquee issue, but SAP also patched CVE-2025-42887 and CVE-2025-4294

    @the_c_protocol

    12 Nov 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. #SAP: Patches 3 Critical Vulnerabilities (CVSS 10.0) Including RCE / Code Injection and Hardcoded Credentials affecting SQL Anywhere Monitor (Non-GUI), SAP NetWeaver AS Java, and SAP Solution Manager:(CVE-2025-42890, CVE-2025-42944, CVE-2025-42887): 👇 https://t.co/KgkaA6igjt

    @securestep9

    11 Nov 2025

    1315 Impressions

    3 Retweets

    8 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 CRITICAL: SAP Solution Manager ST 720 flaw (CVE-2025-42887) lets authenticated attackers gain full system control via code injection. Patch ASAP when available & restrict access! 🔒 https://t.co/Wt1UC4Ve2P #O... https://t.co/gS6I3uwB1K

    @offseq

    11 Nov 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. CVE-2025-42887 Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This co… https://t.co/95cKYo8X3c

    @CVEnew

    11 Nov 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. **CVE-2025-42887** pertains to a **missing input sanitization** flaw within **SAP Solution Manager (SolMan)**. The vulnerability allows an **authenticated attacker** to execute malicious code through **call to a remote-enabled function module**, which is a typical remote

    @CveTodo

    11 Nov 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.