Skip to main content

SAP S/4HANA code-injection (CVE-2025-42957) now under active exploitation

Scope: SAP S/4HANA

Severity: Red

A critical code-injection flaw in S/4HANA is being exploited in the wild to breach exposed servers. Apply SAP’s August 11 security note and restrict external exposure.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.