Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in SAP S/4HANA
Alerts

Critical Vulnerability in SAP S/4HANA

9 September 2025

SAP has released security updates addressing a critical vulnerability in SAP S/4HANA. Users and administrators of affected product versions are strongly advised to update to the latest versions immediately.

Background

SAP has released security updates addressing a critical vulnerability (CVE-2025-42957) in SAP S/4HANA. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.9 out of 10.

Impact

Successful exploitation of the vulnerability could allow an attacker with user privileges to conduct arbitrary code injection and bypass the necessary authorisation checks, potentially leading to a full system compromise.

Known Exploitation

The vulnerability is reportedly being exploited in the wild.

Affected Products

The vulnerability affects SAP S/4HANA (Private Cloud or On-Premise) with the core Enterprise Management component S4CORE versions 102, 103, 104, 105, 106, 107 and 108.

Mitigation

Users and administrators of affected product versions are strongly advised to update to the latest versions immediately.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-42957

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html

https://hackread.com/hackers-exploit-cve-2025-42957-sap-vulnerability/

Back to top