* Last update: 12/08/2025
* Affected software: SAP
* Type: Improper Control of Generation of Code ('Code Injection')
* CVE/CVSS
→ CVE-2025-42957: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
→ CVE-2025-42950: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
→ CVE-2025-27429: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
SAP Security Patch Day - August 2025 https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html
Three critical vulnerabilities have been patched in SAP S/4HANA (Private Cloud & On-Premise) and SAP Landscape Transformation (SLT).
These systems run core financial, HR, and operational processes for many organizations, making them high-value targets for attackers.
Attackers with basic user accounts could inject malicious code that takes full control of your SAP systems.
They could:
• Steal sensitive financial and operational data (Confidentiality)
• Alter business-critical records (Integrity)
• Shut down core business processes (Availability)
The risk level is CRITICAL (CVSS 9.9). The flaw is easy to exploit and could be weaponized quickly. Organizations should immediately apply the vendor’s patches to mitigate the risks.
SAP’s August 2025 Patch Tuesday release delivers fixes for 19 security vulnerabilities across its product portfolio, including the three critical flaws detailed below, along with two rated high severity and twelve rated medium severity.
CVE-2025-42957: SAP S/4HANA (Private Cloud or On-Premise)
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
CVE-2025-42950: SAP Landscape Transformation (Analysis Platform)
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
CVE-2025-27429: SAP S/4HANA (Private Cloud or On-Premise)
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
CVE.org https://www.cve.org/CVERecord?id=CVE-2025-42957
CVE.org https://www.cve.org/CVERecord?id=CVE-2025-42950
CVE.org https://www.cve.org/CVERecord?id=CVE-2025-27429