SecurityBridge, the innovator behind the Cybersecurity Command Center for SAP, has revealed a significant vulnerability in SAP software, tagged with a severity rating of 9.9 out of 10.
Customers were notified on October 30, 2025, ahead of the public announcement, allowing them to update their detection signatures in advance.
This vulnerability is part of a trio of security issues identified by the SecurityBridge Threat Research Labs, all included in the 25 new and updated SAP Security Notes released for November's Patch Day.
Details of the SAP Patch Day Alert
The SAP Patch Day alert highlights a critical concern documented in HotNews note 3668705 – [CVE-2025-42887], a Code Injection vulnerability within SAP Solution Manager.
This flaw permits the misuse of a remote-enabled function module to insert malicious code, potentially granting attackers full control over affected systems.
A public patch has been issued, which may accelerate the timeline for reverse engineering and exploit development, underscoring the urgency of applying the patch promptly.
Additional Vulnerabilities Discovered
Besides the critical code injection vulnerability, the research labs identified two other vulnerabilities featured in the latest SAP Patch Day notes. A medium-priority vulnerability, note 3643337 – [CVE-2025-42882], involves a Missing Authorization check within SAP NetWeaver Application Server for ABAP 4.3.
Additionally, a low-priority vulnerability, note 3634053 – [CVE-2025-42883], concerns Insecure File Operations within SAP NetWeaver Application Server for ABAP's Migration Workbench.
Expert Insights on Code-Injection Threats
"When we discover a vulnerability that scores a 9.9 out of 10 priority rating, we know we're looking at a threat that could give attackers complete system control," explained Joris van de Vis, Director of Security Research at SecurityBridge.
"CVE-2025-42887 is particularly dangerous because it allows a low-privileged user to inject code, which leads to a full compromise of the SAP system and all data contained in it."
He added that such vulnerabilities highlight the critical need for ongoing vigilance and proactive research within SAP environments.
Tracking Previous Discoveries
The SecurityBridge Threat Research Labs has a proven track record of identifying critical vulnerabilities in SAP systems. In September 2025, they uncovered a major code injection vulnerability within SAP S/4HANA, labeled CVE-2025-42957, matching the severity of the current discovery.
One month earlier, in August 2025, three vulnerabilities were exposed, two of which also held a severity rating of 9.9 out of 10. These included CVE-2025-42950 in SAP Landscape Transformation and CVE-2025-42957 in SAP S/4HANA systems.
To mitigate risks associated with these vulnerabilities, SecurityBridge has enhanced its platform to safeguard customers against known threats. The company's Patch Management capabilities provide vital insights into current patching gaps within SAP landscapes and deliver a comprehensive overview of the newest vulnerabilities.
