CVE-2025-42957
Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
SAP_SE · SAP S/4HANA (Private Cloud or On-Premise)public PoCs found — 1
githubgithub.com/mrk336/CVE-2025-42957-SAP-S-4HANA-Under-Siege★ 4⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →