Critical SAP S/4HANA Vulnerability Actively Exploited, Allowing Full System Takeover
Source: gbhackers

A critical security flaw in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited by attackers, according to research from SecurityBridge.
The vulnerability, which carries a CVSS score of 9.9 out of 10, allows a low-privileged user to inject code and gain full control of an SAP system.
Organizations running SAP S/4HANA on-premise or in private cloud environments must apply the vendor’s patch immediately to prevent a complete system takeover.

| CVE Identifier | CVSS Score | Affected Releases |
|---|---|---|
| CVE-2025-42957 | 9.9 | All SAP S/4HANA releases (On-Premise and Private Cloud) |

SecurityBridge’s Threat Research Labs first discovered the flaw during routine security testing and disclosed it to SAP on June 27, 2025.

SAP released a fix as part of its August 2025 Patch Day on August 11. However, SecurityBridge has confirmed that the vulnerability is already used in ...
Copyright of this story solely belongs to gbhackers.