Critical, make-me-super-user SAP S/4HANA bug under active exploitation
theregister.co.uk
A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.
SAP issued a patch for the 9.9-rated flaw in August. It is tracked as CVE-2025-42957, and it affects both private cloud and on-premises versions.
According to SecurityBridge Threat Research Labs, which originally spotted and disclosed the vulnerability to SAP, the team "verified actual abuse of this vulnerability." It doesn't appear to be widespread (yet), but the consequences of this flaw are especially severe.
"For example, SecurityBridge's team demonstrated in a lab environment how an attacker could create a new SAP superuser account (with SAP_ALL privileges) and directly manipulate critical business data," the researchers said in a Thursday write-up alongside a video demo of the exploit.
It's low-complexity to exploit. The bug enables a user to inject arbitrary ABAP code into ...
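The outcome SecurityBridge demonstrated, a newly created account holding the SAP_ALL composite profile, is something a defender can watch for regardless of the injection path used to get there. The script below is an added example, not code from The Register or SecurityBridge: it compares two snapshots of user-to-profile assignments and reports any account that gained SAP_ALL or SAP_NEW since the baseline, flagging whether the account itself is new. The snapshot format is an assumption (a CSV export of the UST04 user-profile table with BNAME and PROFILE columns), and the sample rows are constructed.

```python
import csv
import io
from typing import Dict, List, Set

# Constructed baseline and current snapshots of user -> profile assignments.
# Assumed format: CSV export of the UST04 table (user master, authorization
# profiles) carrying at least the BNAME (user) and PROFILE columns.
BASELINE_CSV = """BNAME,PROFILE
DDIC,SAP_ALL
DDIC,SAP_NEW
JSMITH,Z_FI_DISPLAY
ABUYER,Z_MM_PURCHASING
"""

CURRENT_CSV = """BNAME,PROFILE
DDIC,SAP_ALL
DDIC,SAP_NEW
JSMITH,Z_FI_DISPLAY
JSMITH,SAP_ALL
ABUYER,Z_MM_PURCHASING
SUPPORT9,SAP_ALL
"""

# Composite profiles that grant effectively unrestricted access.
SUPERUSER_PROFILES = {"SAP_ALL", "SAP_NEW"}


def load_assignments(text: str) -> Dict[str, Set[str]]:
    """Parse a UST04-style CSV export into {user: {profiles}}."""
    result: Dict[str, Set[str]] = {}
    for row in csv.DictReader(io.StringIO(text)):
        user = row["BNAME"].strip().upper()
        profile = row["PROFILE"].strip().upper()
        result.setdefault(user, set()).add(profile)
    return result


def find_new_superusers(baseline: Dict[str, Set[str]],
                        current: Dict[str, Set[str]]) -> Dict[str, dict]:
    """Return users who hold a superuser profile now but did not in the baseline.

    Each finding records whether the account is entirely new (the pattern in
    the SecurityBridge demo) and which superuser profiles were added.
    Accounts that already held SAP_ALL in the baseline (e.g. DDIC) are not
    reported, so the baseline doubles as the allow-list of known holders.
    """
    findings: Dict[str, dict] = {}
    for user, profiles in current.items():
        before = baseline.get(user, set())
        added = (profiles - before) & SUPERUSER_PROFILES
        if added:
            findings[user] = {
                "new_account": user not in baseline,
                "added_profiles": sorted(added),
            }
    return findings


def format_findings(findings: Dict[str, dict]) -> List[str]:
    """Render findings as one alert line per user, new accounts first."""
    lines = []
    for user in sorted(findings, key=lambda u: (not findings[u]["new_account"], u)):
        f = findings[user]
        kind = "NEW ACCOUNT" if f["new_account"] else "existing account"
        lines.append(f"ALERT: {kind} {user} gained {', '.join(f['added_profiles'])}")
    return lines


if __name__ == "__main__":
    base = load_assignments(BASELINE_CSV)
    cur = load_assignments(CURRENT_CSV)
    for line in format_findings(find_new_superusers(base, cur)):
        print(line)
```

Run against periodic exports, the baseline should be the last reviewed snapshot; any hit is worth correlating with change records and the security audit log, since a legitimately approved SAP_ALL grant is rare and a brand-new account receiving it is rarer still.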
Copyright of this story solely belongs to theregister.co.uk.