A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild.
The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month.
"SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/09/sap-s4hana-critical-vulnerability-cve.html