SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

A serious command injection vulnerability, tracked as CVE-2025-42957, has surfaced in SAP S/4HANA and is actively exploited. With a CVSS score of 9.9, this flaw allows attackers with user privileges to compromise critical ERP functions, prompting urgent fixes from SAP.

Key Takeaways:

  • SAP S/4HANA faces a critical command injection vulnerability
  • CVE-2025-42957 holds a near-maximum CVSS score of 9.9
  • Attackers can exploit the flaw with basic user privileges
  • SAP addressed this issue in its recent monthly security updates
  • The vulnerability is confirmed to be actively exploited

Description of the Vulnerability

SAP S/4HANA, a leading Enterprise Resource Planning (ERP) software, has been found to contain a command injection flaw identified as CVE-2025-42957. With a CVSS rating of 9.9, the vulnerability represents a high-severity threat: an attacker who holds only basic user-level privileges can abuse a function module to execute unauthorized commands on the system.
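The class of flaw described above is injection: caller-controlled input reaches a command interpreter unvalidated. The following Python example is added here to illustrate that pattern and its fix in general terms; it is not SAP code, not the affected function module, and not derived from CVE-2025-42957. The function names, the `report_name` parameter, the `/opt/tools/export_report` path and the sample inputs are all constructed for this illustration.

```python
"""Constructed illustration of a command-injection pattern and its hardened form.

Nothing here is SAP's code. The vulnerable builder returns the command string
instead of executing it so the example is safe to run anywhere.
"""
from __future__ import annotations

import re

# Allow-list for the hardened path: letters, digits and underscores only,
# bounded in length. Anything else is rejected before it reaches a command.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_]{1,40}$")

# Shell metacharacters that let input change *which* command runs.
_SHELL_META = re.compile(r"[;&|`$(){}<>\n]")


def build_command_vulnerable(report_name: str) -> str:
    """Vulnerable pattern (constructed): untrusted input is spliced into a
    shell command string. Because a shell would parse the result, a caller
    can append a second command with ';', '|' or '&&'.
    """
    return f"/opt/tools/export_report --name {report_name}"


def build_command_hardened(report_name: str) -> list[str]:
    """Hardened version (constructed): validate against an allow-list first,
    then return an argv list. With subprocess.run(argv) and no shell=True,
    the name can only ever be a single argument, never a new command.
    """
    if not _SAFE_NAME.fullmatch(report_name):
        raise ValueError(f"rejected report name: {report_name!r}")
    return ["/opt/tools/export_report", "--name", report_name]


def injection_reachable(command: str) -> bool:
    """Defender-side check (constructed): does a built command string contain
    characters that a shell would interpret as command separators?
    Useful for reviewing log samples of commands a service assembled.
    """
    return _SHELL_META.search(command) is not None


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one carrying a separator.
    for name in ("SALES_Q3", "sales; id"):
        cmd = build_command_vulnerable(name)
        print(f"vulnerable builder -> {cmd!r}; injection reachable: {injection_reachable(cmd)}")
        try:
            print(f"hardened builder   -> {build_command_hardened(name)!r}")
        except ValueError as exc:
            print(f"hardened builder   -> {exc}")
```

The point a reviewer should carry over to any platform, SAP included: the fix is not to escape the dangerous characters after the fact but to validate input against what the function legitimately needs and to keep it out of any interpreter entirely.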

Severity and Exploitation

This vulnerability’s severity is underscored not just by its CVSS score but also by reports of active exploitation in the wild. Attackers with standard user credentials can leverage the flaw to gain deeper access, substantially increasing the risk of unauthorized data manipulation or broader network compromise.

Patch and SAP’s Response

SAP addressed this issue through its monthly updates, released last month. The security patch aims to correct the code paths that allowed unauthorized command injection in SAP S/4HANA. Administrators are strongly advised to apply the patch immediately to safeguard vital ERP processes and data from malicious exploitation.

Implications for Enterprises

Given SAP S/4HANA’s status as a mission-critical ERP solution for countless organizations, any vulnerability within its infrastructure poses a significant threat to business operations. Without timely application of the official patch, companies risk compromising sensitive data and critical workflows integral to their day-to-day functions. As attacks escalate, proactive security measures are vital to protect corporate assets and maintain business continuity.
