Critical SAP S/4HANA Vulnerability (CVE-2025-42957) Actively Exploited, CVSS Score 9.9

8 Sep 2025

BreakingNewsHackingSecurityCVE-2025-42957HackingNewsInformationSecurityNewsITInformationSecurityPierluigiPaganiniSAPS4HANASecurityAffairsSecurityNews

A critical vulnerability, identified as CVE-2025-42957 with a CVSS score of 9.9, has been discovered in SAP S/4HANA and is currently being actively exploited. This command injection flaw enables attackers to fully compromise affected systems, modify databases, create superuser accounts, and steal password hashes. Given the severity and active exploitation, organizations using SAP S/4HANA must immediately apply the latest security patches provided by SAP. Additionally, they should enhance monitoring and detection mechanisms to identify any suspicious activity related to command injection attacks. Implementing strict access controls and network segmentation can help limit the impact of a potential breach. The high CVSS score underscores the urgency of addressing this vulnerability, as it poses significant risks to data integrity, confidentiality, and availability. Cybersecurity professionals should prioritize patch management and incident response planning to mitigate the risks associated with this critical flaw.