SecurityBridge warned that CVE-2025-42957 allowed hackers with minimal system rights to mount “a complete system compromise with minimal effort required, where successful exploitation can easily lead to fraud, data theft, espionage, or the installation of ransomware.”
The security firm went on to write:
The attacker needs only low-level credentials on the SAP system (any valid user account with permissions to call the vulnerable RFC module and the specific S_DMIS authorization with activity 02), and no user interaction is required.
The attack complexity is low and can be performed over the network, which is why the CVSS score is so high (9.9). In summary, a malicious insider or a threat actor who has gained basic user access (through phishing, for example) could leverage this flaw to escalate into full control of the SAP environment.
SAP, for its part, warned: “This flaw operates as a backdoor, allowing unauthorized access to SAP systems and jeopardizing confidentiality, integrity, and availability. Without immediate mitigation, your SAP S/4HANA system could be severely compromised.” The post makes no mention of active exploitation.
Other vulnerabilities SAP reported Tuesday affected a range of products, including SAP Business One, SAP Landscape Transformation Replication Server, SAP Commerce Cloud, SAP Datahub, SAP Business Planning and Consolidation, SAP HCM, SAP BusinessObjects Business Intelligence Platform, SAP Supplier Relationship Management, and Fiori. Severity ratings of those vulnerabilities range from 3.1 to 8.8.
All vulnerabilities mentioned in this post, particularly those with high severity ratings, should be patched as soon as possible. SAP has more information on its security page.
