Cybersecurity researchers are warning of a critical security vulnerability discovered in SAP systems. Rated an extremely high 9.9 out of 10 in severity, the flaw could let attackers take complete control of a company's SAP landscape and all the sensitive data it holds.
The discovery came from SecurityBridge Threat Research Labs, a specialised team dedicated to identifying weaknesses in SAP security. SAP software is the backbone of countless businesses worldwide, handling critical functions such as finance and logistics, so any major vulnerability in it presents a massive, immediate risk.
Code Injection Threat Explained
The most severe problem found by the SecurityBridge team is tracked as SAP Security Note 3668705 (CVE-2025-42887) and affects SAP Solution Manager, a powerful component used to manage other SAP systems.
The issue is a code injection vulnerability: an attacker can abuse a remotely accessible feature to insert malicious code into the system. Once the code is successfully injected, the result is a total system compromise.
Joris van de Vis, Director of Security Research at SecurityBridge, emphasised the severe nature of the threat in the blog post shared with Hackread.com. He noted that this flaw is “particularly dangerous because it allows injection of code from a low-privileged user, which leads to a full SAP compromise and all data contained in the SAP system.”
Patching Must Be Immediate
This critical vulnerability was part of 25 new and updated SAP Security Notes released on the company’s November Patch Day, November 11, 2025. This month’s fixes included four notes in the highest-priority HotNews category.
SAP’s patch release included a second maximum-severity flaw (CVE-2025-42890, a perfect 10.0/10) involving hardcoded credentials in the SQL Anywhere Monitor tool. Another HotNews fix (Note 3647332) was an update for an issue in SAP SRM. There were also two patches in the High Priority category, including one (Note 3633049) for a memory flaw in SAP CommonCryptoLib, the library used for encryption tasks.
A public patch has been released for CVE-2025-42887. While it fixes the flaw, a published patch also gives attackers the information they need to reproduce the issue, which can shorten the time until a working exploit appears. All organisations using SAP are therefore strongly advised to install this patch immediately.
Older software is also being updated: four fixes were released for the SAP Business Connector, a tool many integration specialists may remember. The SecurityBridge team also found two other issues addressed in the November patches: a Medium priority vulnerability (Note 3643337) and a Low priority one (Note 3634053).
The firm gave its own customers advance warning of these discoveries on October 30, 2025, advising them to update their security protections before the public disclosure.
