SAP HANA under attack!

DarkReading.com reported that “A critical code injection vulnerability in SAP's S/4HANA ERP software that was first disclosed last month is now under exploitation in the wild.” The September 5, 2025 article, titled “Critical SAP S/4HANA Vulnerability Under Attack, Patch Now” (https://www.darkreading.com/vulnerabilities-threats/sap-4hana-vulnerability-under-attack), included these comments:

In a blog post Thursday, SecurityBridge said it discovered an exploit for CVE-2025-42957 and confirmed it has been used in the wild. "While widespread exploitation has not yet been reported, SecurityBridge has verified actual abuse of this vulnerability," the blog post said. "That means attackers already know how to use it – leaving unpatched SAP systems exposed."

SecurityBridge added that SAP's patch for CVE-2025-42957 is "relatively easy" to reverse engineer, and that successful exploitation gives attackers access to the operating system and all data in the targeted SAP system.

SecurityBridge wasn't the only company to flag exploitation activity. Pathlock, a cybersecurity vendor based in Denver, said it "detected outlier activity consistent with exploitation attempts of CVE-2025-42957," according to a blog post published Friday.

In a statement to media outlets, Jonathan Stross, SAP security analyst at Pathlock, said exploitation activity "surged dramatically" after the patch for CVE-2025-42957 was released.

It's unclear if the exploit discovered by SecurityBridge is a proof-of-concept. Dark Reading contacted SecurityBridge for comment, but the company did not respond at press time.

This is dangerous for many SAP HANA customers!
