The egregious high-severity flaws raise security alarms for ERP platforms, with urgency for patching and threat mitigation across organizations globally.
Hackers are actively exploiting a critical vulnerability, tracked as CVE-2025-42957 (Severity level 9.9), in SAP’s S/4HANA enterprise resource planning (ERP) suite. Such attacks do not require victims to interact, further raising the potential for stealthy compromise.
This flaw enables attackers with only basic credentials to gain full control of the affected SAP system, potentially facilitating actions such as data deletion, creation of privileged user accounts, and manipulation of sensitive business processes.
The exploit is considered highly accessible, and has resulted in confirmed malicious activity within customer environments, drawing urgent warnings from security researchers.
SAP has responded by urging organizations to patch S/4HANA systems without delay, stressing that the vulnerability acts as a dangerous backdoor threatening the confidentiality, integrity, and availability of SAP deployments. The firm’s advisory warns that insider threats, compromised users via phishing, or external attackers with network access, pose substantial risks for enterprises not implementing immediate fixes.
Additionally, the ERP firm has disclosed three other newly discovered vulnerabilities affecting a wide range of products:
- Critical flaws in its NetWeaver product, notably CVE-2025-42944 (Severity 10.0) — a deserialization vulnerability in the RMI-P4 module that allows unauthenticated attackers to execute arbitrary operating system commands via specially crafted payloads.
- Another flaw CVE-2025-42922 (Severity 9.9) , allows even low-privilege users in NetWeaver AS Java environments to upload and execute malicious files, threatening system integrity and uptime.
- Finally, CVE-2025-42958 (Severity 9.1) involves a missing authentication check that can enable unauthorized users to read, modify, or delete core data and escalate privileges in IBM i-series deployments of NetWeaver.
The firm’s September 2025 security patch release addresses these threats with updated security notes covering 21 new vulnerabilities and several revised earlier advisories.
The scope of these critical vulnerabilities reflects the crucial role that such ERP platforms play in global enterprises, managing financial, operational, and customer data. While some level of software vulnerability is inevitable in complex enterprise platforms, the industry consensus is that critical flaws like these — particularly those enabling remote code execution, file upload, or privilege escalation —should have been promptly caught during rigorous security reviews and code audits.
