A serious command injection vulnerability, tracked as CVE-2025-42957, has surfaced in SAP S/4HANA and is actively exploited. With a CVSS score of 9.9, this flaw allows attackers with user privileges to compromise critical ERP functions, prompting urgent fixes from SAP.