Cybersecurity experts are sounding alarms over a critical vulnerability identified in SAP systems, rated an alarming 9.9 out of 10 for severity. This flaw, designated as CVE-2025-42887, poses a significant risk, potentially allowing cyber attackers full control over an organization’s SAP environment and the sensitive data it manages. The discovery was made by the SecurityBridge Threat Research Labs, a team focused on pinpointing security weaknesses within SAP software.
SAP software is integral to many businesses globally, performing essential functions in areas such as finance and logistics. Consequently, the implications of this security vulnerability are severe and immediate.
Understanding the Vulnerability
The most pressing concern identified by SecurityBridge is related to a component known as SAP Solution Manager. This powerful tool is vital for managing various SAP systems. The vulnerability is classified as a Code Injection threat, allowing an attacker to exploit a remote feature to inject harmful code. Once successfully integrated, this malicious code can lead to a complete compromise of the system.
Joris van de Vis, the Director of Security Research at SecurityBridge, highlighted the gravity of this flaw, stating in a blog post shared with Hackread.com that it is “particularly dangerous because it allows the injection of code from a low-privileged user, which leads to a full SAP compromise and all data contained in the SAP system.”
Immediate Action Required
In response to this critical vulnerability, SAP released a public patch on November 11, 2025, as part of its monthly Patch Day. This update included 25 new and updated SAP Security Notes, four of which were categorized under the highest-priority HotNews category. Notably, the release also addressed another critical flaw, CVE-2025-42890, which received a perfect severity score of 10.0/10 due to hardcoded login details in the SQL Anywhere Monitor tool.
Among other updates, SAP also provided fixes for issues affecting SAP Supplier Relationship Management (SRM) and a memory flaw in SAP CommonCryptoLib, which is essential for encryption tasks. Given the nature of the vulnerabilities, all organizations utilizing SAP software are strongly advised to implement the patch without delay.
While the patch addresses the vulnerability, it simultaneously provides cybercriminals with the necessary information to replicate the attack, potentially accelerating exploit development. Therefore, immediate action is critical.
In addition to addressing the critical vulnerabilities, SAP has also issued updates for older software. Four fixes were made available for the SAP Business Connector, a tool familiar to many integration specialists. The SecurityBridge team additionally reported two other vulnerabilities addressed in the November patches, categorized as Medium priority and Low priority, respectively.
Prior to the public disclosure of these vulnerabilities, SecurityBridge informed its customers on October 30, 2025, urging them to enhance their security measures in anticipation of the upcoming updates.
As the cybersecurity landscape remains ever-evolving, organizations using SAP systems are reminded of the importance of timely updates and vigilance against potential threats.
