Introduction
SAP S/4HANA and SAP Supply Chain Management (SCM) are cornerstones of enterprise resource planning and logistics management, powering critical operations for thousands of global enterprises. Recently, a severe vulnerability, CVE-2025-42967, has emerged, posing significant risks by enabling remote code execution (RCE) through the Characteristic Propagation module. This flaw, rated at a critical CVSS score of 9.1, underscores the urgent need for immediate remediation.
Technical Information
CVE-2025-42967 affects Characteristic Propagation in SAP S/4HANA and SCM and stems from inadequate input validation during report creation. An attacker with high privileges can exploit it by embedding malicious code within a report. When the report is processed, the embedded payload executes at the system level, granting the attacker full control over the affected SAP system. The vulnerability falls under CWE-94 (improper control of code generation, i.e. code injection), a common yet severe security oversight.
Attack Vectors and Exploitation Methods
The exploitation process involves:
- Authentication with high-privilege credentials.
- Creation of a malicious report containing executable payloads.
- Execution of the payload by the SAP server during report processing.
Patch Information
SAP has released a security patch addressing this vulnerability, detailed in SAP Note 3618955. The patch includes enhanced authorization checks, refined code segments to prevent unauthorized access, and updated default configurations to bolster security. Administrators are strongly advised to apply this patch immediately to mitigate potential exploitation risks.
Affected Systems and Versions
- SAP S/4HANA: Versions 2020–2025 (unpatched deployments)
- SAP SCM: Extended Warehouse Management (EWM) and Advanced Planning modules
Vendor Security History
SAP has previously encountered similar vulnerabilities, notably in authorization checks and input validation mechanisms. Their response time to critical vulnerabilities is generally swift, reflecting a mature security posture. However, recurring issues suggest ongoing challenges in securing complex legacy modules.
References
Source: This report was created using AI