What's Happening?
A critical vulnerability in SAP S/4HANA, identified as CVE-2025-42957, is being actively exploited in cyber attacks, according to SecurityBridge. The flaw, which allows attackers with low privileges to execute arbitrary code and gain full control of affected systems, was patched by SAP in August following its disclosure by SecurityBridge. Despite the patch, SecurityBridge has observed malicious exploitation in customer environments, with attackers able to delete or insert data, create new users with elevated privileges, and potentially install ransomware. Exploiting the vulnerability is considered low in complexity, which puts a working exploit within reach of skilled professionals.
Why It's Important?
The exploitation of this SAP vulnerability poses significant risks to organizations using the affected ERP software, potentially leading to data theft, fraud, and business process disruptions. As SAP systems are integral to many enterprises' operations, a complete system compromise could have severe financial and operational consequences. The incident highlights the importance of timely patching and monitoring for indicators of compromise, as threat actors continue to target vulnerabilities in widely used software products. Organizations must remain vigilant and proactive in their cybersecurity measures to protect against such attacks.
What's Next?
Organizations are advised to check logs for indicators of compromise, such as suspicious RFC calls and unexpected changes in admin users or ABAP code. While widespread exploitation has not been observed, the potential for significant impact necessitates heightened security measures and monitoring. SecurityBridge continues to assess the situation and may provide further details on the attacks as they become available.