A significant security vulnerability has been identified in SAP systems, prompting the company to issue an emergency patch. Rated a critical 9.9 out of 10 in severity, this flaw could allow cyber attackers to gain full control over a company’s SAP network, jeopardizing sensitive data. The discovery was made by the SecurityBridge Threat Research Labs, a team dedicated to pinpointing security weaknesses within SAP infrastructure.

Understanding the Vulnerability

The vulnerability, tracked as CVE-2025-42887, affects SAP Solution Manager, a central tool for administering a range of SAP applications. It is a code injection flaw: an attacker can abuse remotely reachable functionality to inject malicious code, and once that code executes, the entire system is compromised.

In a blog post shared with Hackread.com, Joris van de Vis, Director of Security Research at SecurityBridge, stated, “This flaw is particularly dangerous because it allows the injection of code from a low-privileged user, which leads to a full SAP compromise and all data contained in the SAP system.”

Immediate Action Required

The urgent nature of this vulnerability necessitates immediate action. SAP included this critical patch among 25 new and updated security notes released on November 11, 2025, during its monthly Patch Day. Notably, this release contained four updates categorized as HotNews, which signifies the highest priority.

Alongside CVE-2025-42887, SAP also addressed another severe issue, CVE-2025-42890, which received the maximum score of 10.0 out of 10 and affects the SQL Anywhere Monitor tool, which shipped with hardcoded login credentials. Other updates included patch notes for various SAP components, with notable fixes for SAP SRM and a memory flaw in SAP CommonCryptoLib, the library used for encryption tasks.

A public patch for CVE-2025-42887 is now available, allowing organizations to mitigate the risk. Nevertheless, the release of such information might enable cybercriminals to accelerate the development of exploit techniques. Therefore, SAP strongly advises all organizations using its software to implement this patch without delay.

In addition to addressing critical vulnerabilities, SAP also released four fixes for the SAP Business Connector, a tool familiar to many integration specialists. The SecurityBridge team had initially alerted its clients about these vulnerabilities on October 30, 2025, emphasizing the importance of updating security measures prior to public disclosure.

As businesses increasingly rely on SAP systems for essential operations, the urgency of applying these patches cannot be overstated. Failure to address these vulnerabilities could lead to severe consequences, affecting not only individual organizations but also their customers and partners in the global supply chain.