CVE-2025-27429

Critical CVSS: 9.9

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.

Vendor

Product

CWE

CWE-94

Yayın Tarihi

2025-04-08 08:15:16

Güncelleme

2025-04-08 18:13:53

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-94 CRITICAL 2025

Referanslar

https://me.sap.com/notes/3581961 https://url.sap/sapsecuritypatchday