SAP fixes serious security issues – here’s how to stay safe

Nov 20, 2025 | Press Hits

SAP is the foundation for most business applications and a primary target for hackers. BridgeView PR services’ client, SecurityBridge, continually discovers zero-day vulnerabilities, and it’s BridgeView’s job to alert the public. We placed this news in MSN with quotes from our client, doing our part to sound the hacker alarm and get companies to patch their attack vectors.

Originally posted by MSN at https://www.msn.com/en-us/news/technology/sap-fixes-serious-security-issues-here-s-how-to-stay-safe/ar-AA1QiWSR

SAP Solution Manager, an application lifecycle management (ALM) platform with tens of thousands of user organizations, carried a critical severity vulnerability that allowed threat actors to fully take over compromised endpoints, experts have warned.

Security researchers at SecurityBridge, who notified SAP after finding the flaw, described it as a “missing input sanitation” vulnerability that allows unauthenticated threat actors to insert malicious code when calling a remote-enabled function module.

“This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system,” the National Vulnerability Database (NVD) explained.

SAP fixes a 10/10 bug

The bug is now tracked as CVE-2025-42887 and was given a severity score of 9.9/10 (critical).

A patch is now publicly available, and while SAP’s users were previously notified, the researchers are once again urging everyone to apply it as soon as possible since the risk is only going to get bigger going forward:

“A public patch for this vulnerability has been released today, which might speed up reverse-engineering and exploit development, so patching soon is advised,” SecurityBridge said in its announcement.

“When we discover a vulnerability that scores a 9.9 out of 10 priority rating, we know we’re looking at a threat that could give attackers complete system control,” said Joris van de Vis, Director of Security Research, SecurityBridge.

“CVE-2025-42887 is particularly dangerous because it allows to inject code from a low-privileged user, which leads to a full SAP compromise and all data contained in the SAP system. This code-injection vulnerability in SAP Solution Manager represents exactly the kind of critical attack surface weakness that our Threat Research Labs work tirelessly to identify and eliminate. SAP systems are the backbone of business operations, and vulnerabilities like this remind us why proactive security research is non-negotiable.”

The vulnerability was fixed as part of SAP’s November Patch Day, a cumulative update that addressed 18 new bugs and included updates to two previously observed ones. Besides the one mentioned above, SAP fixed a 10/10 flaw in the non-GUI variant of the SQL Anywhere Monitor. This bug is tracked as CVE-2024-42890 and is another case of hardcoded credentials.

“SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution,” the description reads. SQL Anywhere Monitor is a database monitoring and alert tool, and part of the SQL Anywhere suite.
