
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

  • September 5, 2025

Jasper_The_Rasper
Moderator

September 5, 2025 By Zeljka Zorz

 

A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) warned on Friday.

Their alert seems to be based on a report by SecurityBridge’s Threat Research Labs, who professedly verified that the exploit for the flaw is being used in the wild.

About CVE-2025-42957

CVE-2025-42957 is a code injection vulnerability affecting SAP S/4HANA’s function module exposed via RFC.

“This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system,” the CVE entry states.

The only roadblock to exploitation is that attackers must be authenticated as a low-privileged user to deploy the exploit – a roadblock that’s not that difficult to overcome.

 
