Security researchers are warning that a critical SAP S/4HANA code injection vulnerability, CVE-2025-42957, is now being actively exploited in the wild. This flaw allows a low-privileged authenticated user to inject code, bypass authorization, and take full control of exposed SAP servers.
SAP patched the vulnerability on August 11, 2025, giving it a critical severity score of 9.9. However, attackers are now targeting systems that have not yet applied the security updates. The security firm SecurityBridge, which discovered and reported the flaw, confirmed that it has verified actual instances of its exploitation. They note that creating an exploit for this bug is relatively easy for skilled threat actors, as the code is open for all to see.
Exploiting this vulnerability could have severe consequences, including data theft, data manipulation, privilege escalation, and the deployment of malware or ransomware. A successful attack could also lead to credential theft and operational disruption.
SecurityBridge created a video showing how the flaw can be exploited to run system commands on SAP servers. SAP administrators who have not applied the August 2025 updates are urged to do so immediately. The vulnerability affects several SAP products and versions, including S/4HANA and Landscape Transformation. SAP customers can find more information about the recommended actions in a bulletin on the company's website.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
