SAP S/4HANA command injection flaw (CVE-2025-42957)

Vulnerability · Happening score 45 · 3 unique sources, 3 articles

Summary

SAP S/4HANA is facing active exploitation of CVE-2025-42957, a critical (CVSS 9.9) ABAP code injection flaw that SAP fixed in its August 2025 Patch Day updates on 11 August 2025. The weakness affects on-premise and Private Cloud editions: a low-privileged user who can reach the vulnerable RFC-exposed function module can inject arbitrary ABAP code and bypass authorization checks. Successful abuse can lead to full system compromise, including SAP_ALL privileges, data theft, and business-process manipulation. Organizations are urged to apply the patch immediately and, until they have, to review RFC call logs for unexpected callers and function modules and to audit newly created users and privilege assignments, particularly SAP_ALL grants.
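A worked detection pass for the two signals the summary names (unexpected RFC calls, and a new user that is promptly handed an administrative profile), as an added example that is not part of this page and not SAP's or SecurityBridge's tooling. It assumes a constructed, normalized pipe-delimited export (timestamp, event kind, actor, host, detail) rather than the raw Security Audit Log layout, so a real SM20 or gateway export has to be mapped onto these fields first. The user names, hosts, function module names (Z_ORDER_SYNC, Z_GENERIC_EXEC) and the RFC_BASELINE allowlist are invented for the sample; the placeholder modules are not the vulnerable one.

```python
"""Triage of an SAP RFC/user-admin event export for post-exploitation signals.

Record format (assumption, constructed for this example):
    <ISO timestamp>|<kind>|<actor>|<host>|<detail>
kind is RFC_CALL (detail = function module), USER_CREATE (detail = new user)
or PROFILE_ASSIGN (detail = "<target user>:<profile>").
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str    # RFC_CALL | USER_CREATE | PROFILE_ASSIGN
    actor: str   # SAP user performing the action
    host: str    # calling terminal / source address
    detail: str  # see module docstring


# Constructed sample log: a routine integration user, then a contractor
# account that calls an unexpected module and creates a SAP_ALL user within
# a minute, then a benign user creation by an administrator.
SAMPLE_LOG = """\
2025-09-04T08:00:00|RFC_CALL|INTEGRATION_RFC|10.0.1.20|Z_ORDER_SYNC
2025-09-04T08:05:00|RFC_CALL|INTEGRATION_RFC|10.0.1.20|Z_ORDER_SYNC
2025-09-04T09:12:41|RFC_CALL|TEMP_CONTRACTOR|203.0.113.7|Z_GENERIC_EXEC
2025-09-04T09:13:02|USER_CREATE|TEMP_CONTRACTOR|203.0.113.7|SUPPORT01
2025-09-04T09:13:30|PROFILE_ASSIGN|TEMP_CONTRACTOR|203.0.113.7|SUPPORT01:SAP_ALL
2025-09-04T10:00:00|USER_CREATE|BASIS_ADMIN|10.0.1.5|JDOE
2025-09-04T10:00:40|PROFILE_ASSIGN|BASIS_ADMIN|10.0.1.5|JDOE:Z_SALES_CLERK
"""

# Known-good (actor, host, function module) triples (constructed allowlist).
RFC_BASELINE = {("INTEGRATION_RFC", "10.0.1.20", "Z_ORDER_SYNC")}
# Profiles whose assignment to a brand-new user should always be reviewed.
ADMIN_PROFILES = {"SAP_ALL", "SAP_NEW"}
# How soon after creation an admin grant counts as suspicious.
GRANT_WINDOW = timedelta(hours=1)


def parse_log(text: str) -> list[Event]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, actor, host, detail = line.split("|", 4)
        events.append(Event(datetime.fromisoformat(ts), kind, actor, host, detail))
    return events


def unbaselined_rfc_calls(events, baseline=RFC_BASELINE) -> list[Event]:
    """RFC calls whose (actor, host, module) triple is not in the allowlist."""
    return [e for e in events
            if e.kind == "RFC_CALL" and (e.actor, e.host, e.detail) not in baseline]


def new_admin_users(events, window=GRANT_WINDOW, admin_profiles=ADMIN_PROFILES):
    """(new user, profile, granting actor, grant time) for users that receive an
    admin profile within `window` of being created."""
    created = {}  # new user -> creation time
    hits = []
    for e in sorted(events, key=lambda x: x.ts):
        if e.kind == "USER_CREATE":
            created[e.detail] = e.ts
        elif e.kind == "PROFILE_ASSIGN":
            target, _, profile = e.detail.partition(":")
            if profile in admin_profiles and target in created:
                if e.ts - created[target] <= window:
                    hits.append((target, profile, e.actor, e.ts))
    return hits


def exploitation_chains(events, window=GRANT_WINDOW):
    """Higher-confidence pairing: an unbaselined RFC call by an actor, followed
    within `window` by that same actor minting an admin user."""
    calls = unbaselined_rfc_calls(events)
    chains = []
    for user, profile, creator, grant_ts in new_admin_users(events, window):
        for c in calls:
            if c.actor == creator and timedelta(0) <= grant_ts - c.ts <= window:
                chains.append((creator, c.detail, user, profile))
    return chains


def triage(text: str) -> dict:
    events = parse_log(text)
    return {
        "unbaselined_rfc": [(e.actor, e.host, e.detail) for e in unbaselined_rfc_calls(events)],
        "new_admin_users": new_admin_users(events),
        "chains": exploitation_chains(events),
    }


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_LOG).items():
        print(name, findings)
```

The allowlist check is deliberately strict (an exact actor/host/module triple) because legitimate RFC traffic on an ERP landscape is usually highly regular; tune the baseline from a clean period before relying on the first signal alone. The chain check is what turns two noisy indicators into something worth paging on.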

Related Happenings

CISA KEV mitigation for BeyondTrust CVE-2026-1731

Advisory/Mitigation
First: 20.02.2026 19:02 Last: 20.02.2026 19:02 Sources 1

About this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

SAP Solution Manager ST 720 code injection security flaw (CVE-2025-42880)

Vulnerability
First: 10.12.2025 00:41 Last: 10.12.2025 00:41 Sources 1

About this happening: **CVE-2025-42880** is a **code injection** flaw in **SAP Solution Manager ST 720** that could let an **authenticated attacker** gain **full control** of the system. SAP included t...

CISA adds CVE-2025-61932 to KEV and sets FCEB remediation deadline

Public Sector Action
First: 23.10.2025 08:37 Last: 23.10.2025 08:37 Sources 1

About this happening: **CISA** added **CVE-2025-61932** affecting **Motex Lanscope Endpoint Manager** to the **KEV catalog** after confirming it was **actively exploited in the wild**. The action matte...

SAP NetWeaver AS Java deserialization RCE (CVE-2025-42944)

Vulnerability
First: 15.10.2025 08:36 Last: 15.10.2025 08:36 Sources 1

About this happening: **SAP NetWeaver AS Java** has a **CVE-2025-42944** insecure deserialization flaw that can let an **unauthenticated attacker** trigger **arbitrary OS command execution** through th...

Timeline

  1. 05.09.2025 16:36 1 article · 8mo ago

    SecurityBridge reports CVE-2025-42957 to SAP

    Initial Disclosure

    SecurityBridge discovers CVE-2025-42957 in SAP S/4HANA, reports the RFC-exposed ABAP code injection flaw to SAP, and helps develop a patch for affected systems.

  2. 05.09.2025 16:36 1 article · 8mo ago

    SAP fixes CVE-2025-42957 in August 2025 Patch Day updates

    Mitigation Patch Update

    SAP fixes CVE-2025-42957 on August 11, 2025, rating the SAP S/4HANA ABAP code injection flaw critical at CVSS 9.9; systems remain exposed until the Patch Day updates are applied.

  3. 05.09.2025 13:59 4 articles · 8mo ago

    CVE-2025-42957 actively exploited in SAP S/4HANA

    Initial Disclosure

    SecurityBridge Threat Research Labs said in an alert issued Thursday that it had observed active exploitation of CVE-2025-42957 in SAP S/4HANA, affecting both on-premise and Private Cloud editions. The flaw, an ABAP code injection in an RFC-exposed function module, can let a low-privileged user inject arbitrary ABAP code, bypass authorization checks, and potentially reach full system compromise; SAP fixed the vulnerability in its August 2025 monthly updates.