- Description
- SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
- Source
- cna@sap.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- cna@sap.com
- CWE-94
- Hype score
- Not currently trending
SAP S/4HANA Users Urged to Patch Critical Exploited Bug Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild Read More https://t.co/31M0x2k4Ft
@SecurityAid
27 Dec 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent SAP S/4HANA Vulnerability Exploited in Attacks A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild. The post Recent SAP S/4HANA Vulnerability Exploited in Attacks appeared first on Securi...
@SecurityAid
25 Dec 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Past article, advisory: Critical vulnerability in SAP S/4HANA for which immediate action is recommended (CVE-2025-42957) https://t.co/jbjRb3OPLF #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
20 Oct 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I wonder if both Askul and Asahi were hit by ransomware through the CVE-2025-42957 vulnerability?
@arag_on
19 Oct 2025
347 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SAP S/4HANA code injection vulnerability (CVE-2025-42957) exploited in the wild https://t.co/xOnFRJ2EbK #cyber #threathunting #infosec
@blueteamsec1
7 Oct 2025
777 Impressions
0 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
Warning! A new vulnerability in SAP S/4HANA is being actively exploited. The vulnerability, assigned the number CVE-2025-42957, allows attackers to execute arbitrary code and take full control of the system. Although SAP has patched it,
@Cybereayn
20 Sept 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild #CISO https://t.co/BeYau9tAiK https://t.co/T6a4wONuYq
@compuchris
19 Sept 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Threat Actors are exploiting a Code Injection flaw in SAP S/4HANA (Private Cloud & On-Prem) 🚨 CVE-2025-42957 (CVSS 9.9) — Active Exploit 🔒 Patch now → SAP Note 3627998 📌 Also apply Note 3633838 (CVE-2025-42950, SLT/DMIS) 🛡 Harden configs & monitor f
@IamTaradutt
13 Sept 2025
679 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
SAP S/4HANA vulnerability is being actively exploited in attacks. Cybersecurity experts have issued a warning about the actively exploited vulnerability tracked as CVE-2025-42957 (CVSS score: 9.9) affecting the SAP S/4HANA software
@linuxmint_hun
13 Sept 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Serious vulnerability in SAP S/4HANA under active exploitation: CVE-2025-42957. Details.. https://t.co/1FF4wtsOnC #مركز_الأمن_السيبراني_للابحاث_والدراسات https://t.co/SAmBEuApiS
@ccforrs
10 Sept 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in SAP S/4HANA (CVE-2025-42957, CVSS 9.9) is currently being actively exploited. Attackers can fully compromise systems, leading to data theft, ransomware attacks and significant risks to GDPR and NIS2 compliance. Since there
@KvinneGmbh
10 Sept 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔺[CVE-2025-42957 S/4HANA code injection vulnerability] ▪️Find out how to mitigate the CVE-2025-42957 vulnerability in SAP S/4HANA and protect your business data! #AgleaSAPSecurity #proudtobehorsa https://t.co/YHt09su0cx
@AgleaItaly
10 Sept 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NCERT Issues Advisory On Critical SAP S/4HANA Vulnerability CVE-2025-42957 https://t.co/4HQ3YoDsHl Wired, CVE-2025-42957, cybersecurity, enterprise security, nCERT, patch management, Remote Code Execution, SAP S/4HANA, Vulnerability https://t.co/0GwKV7NXIi https://t.co/sUfZbfzGea
@spinidg
9 Sept 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent! SAP S/4HANA users warned of a critical vulnerability, CVE-2025-42957, now actively exploited in the wild. Patch immediately to secure your systems! #SAPS4HANA #Cybersecurity https://t.co/0AOzjlC6Ho
@xcybersecnews
9 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security experts have warned SAP S/4HANA cloud customers that a critical code injection vulnerability - CVE-2025-42957, CVSS score of 9.9 - patched by the vendor in August, is being exploited in the wild. https://t.co/dIU725akdu https://t.co/lB3bvthay2
@secharvesterx
9 Sept 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A recently patched SAP S/4HANA vulnerability tracked as CVE-2025-42957 is being exploited in the wild, SAP security solutions provider SecurityBridge warned on Thursday. https://t.co/lSQPd45jz7
@blackwired32799
9 Sept 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now Exploitation of CVE-2025-42957 requires "minimal effort" and can result in a complete compromise of the SAP system and host OS, according to researchers. https://t.co/xByEmzH5YB https://t.co/yjOBkJhWdH
@Guardian360nl
8 Sept 2025
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat actors are weaponizing AI with tools like Claude Code for #ransomware; CVE-2025-42957 in SAP S/4HANA lets low-level users exploit systems and breach data. More below: https://t.co/TEalB9q3dd
@NetizenCorp
8 Sept 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Critical vulnerability CVE-2025-42957 (CVSS 9.9) actively exploited in SAP S/4HANA. Command injection flaw allows full system compromise. #CyberSecurity #SAP https://t.co/JykIT1uoUF https://t.co/JI6tFbhLo4
@CyberHub_blog
8 Sept 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢Critical-level vulnerability in SAP S/4HANA (CVE-2025-42957) is being used in attacks🖥️ #NCSA #CybersecurityNew You can follow the news at https://t.co/HCsLrrYz4c https://t.co/288WecYeE6
@ThaiCERTByNCSA
8 Sept 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING Critical SAP S/4HANA flaw (CVE-2025-42957) 💥 exploited in the wild! 🛑 Attackers can fully compromise systems. 🏢 Global orgs must patch 🔧 NOW to stop data theft & ransomware 🦠. ⚠️ CVE-2025-42957 is a critical ABAP code-injection (CVSS 9.9)
@MarcelVelica
8 Sept 2025
94 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-33073 2 - CVE-2023-50428 3 - CVE-2024-30088 4 - CVE-2025-42957 5 - CVE-2025-54948 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
8 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SAP Vulnerability CVE-2025-42957 is actively exploited by hackers! If your organization uses SAP, immediate action is crucial to prevent breaches. #SAPSecurity #CyberThreat https://t.co/ADEDlGMLUJ
@xcybersecnews
8 Sept 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A single low-privilege account is all it takes to hijack SAP S/4HANA. CVE-2025-42957 is already being exploited, giving attackers full system takeover. Have you patched yet? Read more: https://t.co/N4THJqShJi #CVE #Cybersecurity #infosecurity #DataSecurity #ThreatHunting #CTI
@rewterz
8 Sept 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 SAP S/4HANA - CVE-2025-42957 ⚡ Already exploited in attacks and can lead to complete compromise of the SAP server. Exploiting it requires a standard user account. 🧷 More info: https://t.co/Pz9P6GBjT2 #SAP #ERP #infosec #cyb
@ITConnect_fr
8 Sept 2025
75 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[IT-Connect] - SAP S/4HANA – CVE-2025-42957: this critical flaw is being exploited in cyberattacks! - https://t.co/8isTExWPna 👌😁
@akril
8 Sept 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in SAP S/4HANA for which immediate action is recommended (CVE-2025-42957) #セキュリティ対策Lab #セキュリティ #Security https://t.co/jbjRb3OPLF
@securityLab_jp
8 Sept 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️VirusTotal finds 44 SVG files used for phishing attacks, all with scan results of "undetected" 🚨Critical code injection bug in SAP S/4HANA found to be exploited in real attacks (CVE-2025-42957) 〜サ
@MachinaRecord
8 Sept 2025
132 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) - Help Net Security https://t.co/o8F7Gi80vc
@JosephLykowski
8 Sept 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers https://t.co/Tk5WtAHk1L
@StratoKey
8 Sept 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) #HelpNetSecurity (Sep 5) https://t.co/CSuGiqsBAk
@foxbook
7 Sept 2025
338 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild https://t.co/hcXFkSEHuZ
@DeepBlueInfoSec
7 Sept 2025
52 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#SAP S/4HANA #CriticalVulnerability CVE-2025-42957 #Exploited in the Wild https://t.co/V5lkkOeCDl
@miguelcarvajalm
7 Sept 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-42957 in SAP S/4HANA is being actively exploited! Low-priv users → full takeover via ABAP code injection. Impacts S/4HANA, DMIS, Business One, NetWeaver. #SAP #CyberAttack #InfoSec #Darkweb #Deepweb Breaking news from the world & Darkweb: https://t.co/ZF7G3l
@godeepweb
7 Sept 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild https://t.co/Dzvt3PKXH8
@TechcraticNews
7 Sept 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
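Critical vulnerability CVE-2025-42957 in SAP S/4HANA lets even low-privileged users take over the system - innovaTopia https://t.co/3CflV5ZloQ The scope of this issue's impact on companies is immeasurable. SAP S/4HANA, in the core systems of many large enterprises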
@innovaTopia_JP
7 Sept 2025
62 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
For anyone running SAP S/4HANA: urgent patch required. A critical flaw (CVE-2025-42957, CVSS 9.9) is being actively exploited, giving attackers potential full system & OS control. Apply SAP Security Notes 3627998 & 3633838 immediately. https://t.co/aeKr7tD7Xb #Cybers
@AnomalousBytes
7 Sept 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
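It has been confirmed that the critical vulnerability "CVE-2025-42957" in SAP S/4HANA is already being exploited in real attacks. It enables code injection, with the risk that business systems are directly compromised. Companies using it should urgently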
@Simplex_rm
7 Sept 2025
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation https://t.co/rMERoUTj4W
@samilaiho
7 Sept 2025
705 Impressions
0 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild https://t.co/nDVaGMcRm7
@PVynckier
7 Sept 2025
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP S/4HANA vulnerability CVE-2025-42957 actively exploited https://t.co/slmeseuqdh
@DemolisherDigi
7 Sept 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP S/4HANA Vulnerability Actively Exploited in Attacks https://t.co/sM4enu4bda #AbapCodeInjection #cve-2025-42957 #PrivilegeEscalation
@wizconsults
6 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡ Cyber Brief: - SAP S/4HANA bug (CVE-2025-42957) exploited for full system takeover 🛑 - Middle East supply chain attacks surge 25% 📦 - Akira ransomware claims breach of Michigan Sugar 🍬 🔗 Full story on our site. https://t.co/zx7qGxN9Kr #CyberSecurity #SAP #Ransom
@TechNadu
6 Sept 2025
153 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#cyberataque #cyberattacks critical security vulnerability affects #SAP S/4HANA. The command injection vulnerability, identified as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates. 6 September 2025 http
@marielr63
6 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A Critical SAP vulnerability (CVE-2025-42957) with a CVSS of 9.9 (!) has been seen being abused in the wild. https://t.co/ZRClrKvjlH
@IntCyberDigest
6 Sept 2025
1073 Impressions
2 Retweets
9 Likes
8 Bookmarks
2 Replies
0 Quotes
CVE-2025-42957 patch now
@toomuchoohlll
6 Sept 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#SAP S/4HANA Critical #Vulnerability CVE-2025-42957 Exploited in the Wild #HANA https://t.co/OA4VyyIVd0 via @TheHackersNews
@DaustoC
6 Sept 2025
254 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Warning: CVE-2025-42957 in SAP S/4HANA, with a score of 9.9, is under active exploitation! 📌 Attacker = full access to ERP ⏱️ Immediate patching is vital. #Cybersecurity #Cybersecurity_News #اخبار_امنیت_سایبری #ABA
@vulnerbyte
6 Sept 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical SAP Vulnerability Under Active Attack! A critical code injection flaw (CVE-2025-42957, CVSS 9.9) in SAP S/4HANA is now under active attack. With only low-level access, attackers can inject ABAP code, bypass controls, and gain full system takeover—creating superusers,
@ChbibAnas
6 Sept 2025
25 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP S/4HANA Critical Flaw CVE-2025-42957 Actively Exploited in the Wild https://t.co/oNR4aSCMON https://t.co/1RJ2N8YVDS
@sctocs25
6 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes