Particle.news

SAP S/4HANA Bug CVE-2025-42957 Is Now Under Active, Limited Exploitation

Verified abuse alongside a released demo heightens risk for unpatched systems.

Overview

  • The Dutch National Cyber Security Center reports the flaw is being exploited to a limited extent, echoing SecurityBridge’s verification of in-the-wild abuse.
  • The code injection bug allows arbitrary ABAP execution through an RFC-exposed function module, letting low-privileged users bypass authorization checks and potentially fully compromise the system; it carries a CVSS score of 9.9.
  • SAP issued a fix in its August 12, 2025 security updates, and administrators are urged to patch immediately to reduce exposure.
  • SecurityBridge says reverse-engineering the ABAP patch is relatively straightforward and has published a demonstration showing how the exploit works.
  • Defenders are advised to monitor for suspicious RFC calls and newly created admin users, to restrict RFC exposure with SAP UCON, to review who holds authorization object S_DMIS with activity 02, to ensure network segmentation and backups, and to prioritize on-prem and Private Cloud S/4HANA deployments on S4CORE 102–108.
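
The monitoring advice in the last bullet, as an added example that is not part of the Particle.news summary, SAP's guidance or SecurityBridge's material: a small Python detector that scans an event feed for the two signals the bullet names, RFC calls from unexpected hosts or non-service users, and user creations or authorization assignments that grant an admin profile or S_DMIS activity 02. The pipe-delimited record layout, the host names, user names, the allowlists and the function-module name `Z_EXAMPLE_FM` are all constructed for illustration and are not real SAP log output or real SAP objects; S_DMIS with activity 02 is the authorization named in the bullet.

```python
"""Added example, not from the page or from SAP: flag suspicious RFC calls and
new admin-level grants in a constructed, pipe-delimited event feed."""
from collections import namedtuple

Event = namedtuple("Event", "ts user source_host kind detail")

# Hypothetical allowlist: hosts and service accounts expected to issue RFC calls.
RFC_ALLOWED_HOSTS = {"app01.internal.example", "app02.internal.example"}
RFC_SERVICE_USERS = {"RFC_BATCH", "RFC_PI"}

# Authorization the page singles out for review, plus blanket admin profiles.
SENSITIVE_AUTHS = {("S_DMIS", "02")}
ADMIN_PROFILES = {"SAP_ALL", "SAP_NEW"}


def parse_line(line):
    """Parse one constructed 'ts|actor|source_host|kind|detail' record."""
    ts, user, host, kind, detail = line.strip().split("|", 4)
    return Event(ts, user, host, kind, detail)


def suspicious_rfc(ev):
    """RFC call from an unexpected host or by a non-service (dialog) user."""
    if ev.kind != "RFC_CALL":
        return None
    reasons = []
    if ev.source_host not in RFC_ALLOWED_HOSTS:
        reasons.append(f"RFC from unexpected host {ev.source_host}")
    if ev.user not in RFC_SERVICE_USERS:
        reasons.append(f"RFC by non-service user {ev.user}")
    return reasons or None


def new_admin_user(ev):
    """User creation or assignment that grants admin profiles or S_DMIS:02.

    detail format (constructed): '<target_user>;<grant>,<grant>' where a grant
    is either a profile name or '<auth_object>:<activity>'.
    """
    if ev.kind not in ("USER_CREATE", "AUTH_ASSIGN"):
        return None
    target, _, grant_list = ev.detail.partition(";")
    hits = []
    for grant in (g.strip() for g in grant_list.split(",") if g.strip()):
        if grant in ADMIN_PROFILES:
            hits.append(f"admin profile {grant} granted to {target} by {ev.user}")
        elif ":" in grant:
            obj, act = grant.split(":", 1)
            if (obj, act) in SENSITIVE_AUTHS:
                hits.append(f"{obj} activity {act} granted to {target} by {ev.user}")
    return hits or None


def scan(lines):
    """Run both checks over the feed; return a list of (ts, actor, reason)."""
    alerts = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ev = parse_line(line)
        for check in (suspicious_rfc, new_admin_user):
            for reason in check(ev) or []:
                alerts.append((ev.ts, ev.user, reason))
    return alerts


# Constructed sample feed; not real SAP log output.
SAMPLE_FEED = """\
# ts|actor|source_host|kind|detail
2025-08-13T08:00:01|RFC_BATCH|app01.internal.example|RFC_CALL|FM=Z_EXAMPLE_FM
2025-08-13T08:02:17|JDOE|laptop-77.corp.example|RFC_CALL|FM=Z_EXAMPLE_FM
2025-08-13T08:02:40|JDOE|laptop-77.corp.example|USER_CREATE|SUPPORT2;SAP_ALL
2025-08-13T08:03:05|BASISADM|app02.internal.example|AUTH_ASSIGN|SUPPORT2;S_DMIS:02
2025-08-13T08:05:00|RFC_PI|app02.internal.example|RFC_CALL|FM=Z_EXAMPLE_FM
"""

if __name__ == "__main__":
    for ts, actor, reason in scan(SAMPLE_FEED.splitlines()):
        print(ts, actor, reason)
```

In the sample the two calls from the allowlisted service accounts pass silently, while the dialog user calling in from a laptop produces two alerts (wrong host, wrong kind of user), and the two grants (SAP_ALL on a freshly created user, then S_DMIS activity 02) produce one alert each. The allowlists are the part a real deployment would have to fill from its own RFC inventory, which is also what an SAP UCON review produces.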