Recent SAP S/4HANA Vulnerability Exploited in Attacks


A critical SAP S/4HANA code injection flaw, tracked as CVE-2025-42957 and allowing full system takeover, has been exploited in the wild.

A recently patched SAP S/4HANA vulnerability tracked as CVE-2025-42957 is being exploited in the wild, SAP security solutions provider SecurityBridge warned on Thursday.

The vulnerability was fixed by SAP in its enterprise resource planning (ERP) software in August, after being responsibly disclosed to the vendor by SecurityBridge in late June.

CVE-2025-42957 has been assigned a ‘critical’ severity rating. It can allow an attacker with low privileges to execute arbitrary code and take full control of the affected SAP system.

SecurityBridge is warning organizations about the exploitation of the vulnerability, but the security company’s director of research, Joris van de Vis, told SecurityWeek that they are not disclosing further details on the attacks at this time.

Van de Vis did confirm that SecurityBridge has seen malicious ...


Copyright of this story solely belongs to SecurityWeek.