Tag: sap
-
SAP S/4HANA Users Urged to Patch Critical Exploited Bug
Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sap-s4hana-patch-critical/
-
Business data at risk: Critical SAP vulnerability is being actively exploited
Attackers are taking advantage of a critical security vulnerability in SAP S/4Hana. Anyone who does not patch risks a compromise of the SAP environment. First seen on golem.de Jump to article: www.golem.de/news/geschaeftsdaten-gefaehrdet-kritische-sap-luecke-wird-aktiv-ausgenutzt-2509-199860.html
-
Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers
Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-cve-2025-42957-sap-vulnerability/
-
SAP splashes €20B on Euro sovereign cloud push
German giant takes aim at US hyperscaler dominance as some EU customers fret amid Trump 2.0 rhetoric First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/sap_sovereign_cloud/
-
Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation
Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software. A critical command injection vulnerability, tracked as CVE-2025-42957 (CVSS score of 9.9), in SAP S/4HANA is under active exploitation. An attacker can exploit this flaw to fully compromise SAP systems, altering databases, creating superuser accounts, and stealing password hashes. "SAP…
-
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now
Exploitation of CVE-2025-42957 requires minimal effort and can result in a complete compromise of the SAP system and host OS, according to researchers. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/sap-4hana-vulnerability-under-attack
-
Critical, makesuper-user SAP S/4HANA bug under active exploitation
9.9-rated flaw on the loose, so patch now First seen on theregister.com Jump to article: www.theregister.com/2025/09/05/critical_sap_s4hana_bug_exploited/
-
Hackers exploit serious vulnerability in SAP S/4HANA
Tags: access, authentication, bug, ciso, cloud, cve, cvss, cyberattack, exploit, flaw, germany, hacker, injection, monitoring, password, reverse-engineering, sans, sap, service, update, vulnerability
An exploit for the vulnerability has already been observed in the wild. Last month, SAP released a patch for S/4HANA that is intended to fix the massive vulnerability CVE-2025-42957, which has a CVSS score of 9.9. The exploit that has now surfaced allows a user with low privileges to use code injection in SAP's ABAP programming language to take complete control of an S/4HANA system…
-
Critical SAP S/4HANA vulnerability now exploited in attacks
A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-sap-s-4hana-vulnerability-now-exploited-in-attacks/
-
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers "to a limited extent"
-
Critical SAP S/4HANA Vulnerability Actively Exploited, Allowing Full System Takeover
A critical security flaw in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited by attackers, according to research from SecurityBridge. The vulnerability, which carries a CVSS score of 9.9 out of 10, allows a low-privileged user to execute code injection and gain full control of an SAP system. Organizations running SAP S/4HANA on-premise or…
-
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the…
-
Alert: Exploit available to threat actors for SAP S/4HANA critical vulnerability
Tags: access, attack, authentication, business, ciso, credentials, data, exploit, malicious, monitoring, password, programming, sans, sap, service, threat, vulnerability, zero-day
delete and insert data directly in the SAP Database; creating SAP users with SAP_ALL; download password hashes; modify business processes. "Historically, it has been difficult to apply patches to these complex systems, and many organizations will require careful (and slow) testing before the patches are deployed in production," Johannes Ullrich, dean of research at the SANS Institute, told CSO. "ERP…
-
Pressure on CISOs to stay silent about security incidents growing
Tags: access, breach, business, cio, ciso, corporate, credentials, credit-card, crowdstrike, cybersecurity, data, data-breach, email, finance, framework, group, hacker, iam, identity, incident response, insurance, law, mfa, ransomware, sap, security-incident, software, theft, threat, training
'Intense pressure' to keep quiet about security incidents: CSO spoke to two other former CISOs who reported pressures to stay silent about suspected security incidents. Both CISOs requested to remain anonymous due to end-of-contract confidentiality agreements made with previous employers. "While working inside a Fortune Global 500 company in Europe, I witnessed this multiple times," one…
-
How to keep CRM systems from becoming open gates – SAP security between cloud and chaos
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheit-in-hybriden-sap-landschaften-a-bc1c71e1d9e9373573e8ccfa152f3beb/
-
Critical SAP Vulns Under Exploitation in ‘One-Two Punch’ Attack
The vulnerabilities themselves aren’t new, but are being exploited in a novel manner that could lead to a devastating attack. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/critical-sap-vulns-under-exploitation
-
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)
A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/cve-2025-31324-cve-2025-42999-sap-netweaver-exploit-public/
-
Exploit weaponizes SAP NetWeaver bugs for full system compromise
Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. A new exploit chaining two vulnerabilities, tracked as CVE-2025-31324 and CVE-2025-42999, in SAP NetWeaver exposes organizations to the risk of system compromise and data theft. CVE-2025-31324 (CVSS score: 10.0) is a missing authorization check in NetWeaver’s Visual Composer…
-
Public Exploit Released for Critical SAP NetWeaver Flaw
A critical flaw in SAP NetWeaver AS Java is being widely exploited, allowing unauthenticated remote code execution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sap-netweaver-flaw-exploit-released/
-
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said. CVE-2025-31324 (CVSS score: 10.0) – Missing First seen…
-
SAP 0-Day Exploit Reportedly Leaked by ShinyHunters Hackers
A sophisticated exploit targeting critical SAP vulnerabilities has been publicly released by the notorious hacking group ShinyHunters, significantly escalating the threat landscape for enterprise SAP environments. The exploit, which chains together multiple zero-day vulnerabilities, was allegedly leaked through the "Scattered LAPSUS$ Hunters ShinyHunters…
-
Technical Details of SAP 0-Day Exploitation Script for RCE Revealed
Tags: cve, cyber, cybersecurity, endpoint, exploit, flaw, rce, remote-code-execution, sap, vulnerability, zero-day
Cybersecurity researchers have unveiled the inner workings of an exploit script targeting a critical zero-day vulnerability in SAP NetWeaver's Visual Composer Metadata Uploader, now designated as CVE-2025-31324. This flaw stems from a missing authorization check on the HTTP endpoint /developmentserver/metadatauploader, enabling unauthenticated file uploads that can lead to remote code execution (RCE) under the SAP…
-
SAP Security Patch Day Fixes 15 Flaws, Including 3 Injection Vulnerabilities
SAP released critical security updates on August 12, 2025, addressing 15 vulnerabilities across its enterprise software portfolio, with three severe code injection flaws receiving the highest CVSS scores of 9.9. The monthly Security Patch Day also included four updates to previously released security notes, highlighting the company’s ongoing commitment to protecting customer environments against evolving…

