A critical vulnerability in SAP S/4HANA has been actively exploited, enabling attackers to take full control of affected systems. Organizations are urged to apply patches immediately and monitor for suspicious activity to prevent system compromise. #CVE202542957 #SAPS4HANA
Keypoints
- The vulnerability CVE-2025-42957 allows command injection in SAP S/4HANA via RFC function modules.
- Exploitation can lead to full system compromise, including database modification and creation of superuser accounts.
- Both on-premise and Private Cloud editions are affected by this security flaw.
- Threat actors can exploit the vulnerability with low user privileges, increasing risk exposure.
- Organizations should urgently apply patches, monitor logs, and implement access controls to mitigate threats.
Read More: https://thehackernews.com/2025/09/sap-s4hana-critical-vulnerability-cve.html