#cve-2025-42957

[ follow ]
#sap #vulnerability #patching #sap-s4hana #abap-code-injection #security-patch
Information security
fromArs Technica
2 weeks ago

As hackers exploit one high-severity SAP flaw, company warns of 3 more

CVE-2025-42957 allows low-privileged SAP users to achieve near-complete system compromise remotely, risking fraud, data theft, espionage, and ransomware.
fromTheregister
3 weeks ago

Critical, make-me-super-user SAP S/4HANA bug being exploited

SAP issued a patch for the 9.9-rated flaw in August. It is tracked as CVE-2025-42957, and it affects both private cloud and on-premises versions. According to SecurityBridge Threat Research Labs, which originally spotted and disclosed the vulnerability to SAP, the team "verified actual abuse of this vulnerability." It doesn't appear to be widespread (yet), but the consequences of this flaw are especially severe.
Information security
[ Load more ]