SAP S/4HANA Vulnerability Under Attack

A critical vulnerability in SAP S/4HANA systems is currently being actively exploited by threat actors, posing significant risks to enterprises relying on this widely used ERP platform. The vulnerability allows attackers to execute unauthorized commands, potentially leading to data breaches, system disruptions, and further infiltration into corporate networks. Organizations using SAP S/4HANA are urged to prioritize patching and implement robust monitoring to detect exploitation attempts. This article delves into the technical details of the vulnerability, the nature of ongoing attacks, and recommended mitigation strategies to safeguard critical business operations. It also highlights the importance of timely updates and the role of cybersecurity teams in defending against sophisticated threat actors targeting enterprise software environments. Staying informed and proactive is essential to mitigate the impact of this emerging threat in the cybersecurity landscape.

This Cyber News was published on www.darkreading.com. Publication date: Fri, 05 Sep 2025 20:45:08 +0000


Cyber News related to SAP S/4HANA Vulnerability Under Attack

The Biggest Tech Talent Gap Can Be Found in the SAP Ecosystem - They're not just looking for people who can write code; they want individuals who can implement, integrate, and run a variety of software platforms crucial for modern businesses. A recent Forbes case study explored dynamic areas like cybersecurity, ...
1 year ago Cysecurity.news
The Biggest SAP Cybersecurity Mistake Businesses Make-And How To Prevent It - There are no small mistakes-every mistake in cybersecurity is potentially catastrophic. Several oversights that have quietly grown into some of the most significant cybersecurity missteps can be found within SAP software configurations and include ...
1 year ago Cybersecurity-insiders.com
SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Enterprise software maker SAP this week announced the release of 10 new and two updated security notes as part of its first Security Patch Day of 2024. Rated 'hot news', the highest rating in SAP's notebook, two of the new and one of the updated ...
1 year ago Securityweek.com CVE-2023-49583 CVE-2023-50422
Taking a Proactive Approach to Mitigating Ransomware Part 2: Avoiding Vulnerabilities in SAP Applications - In case you missed it, in the first part of this series we talked about the importance of hardening security for the application layer as part of your proactive approach to mitigating ransomware. We know exploited vulnerabilities are the most common ...
1 year ago Securityboulevard.com
Critical SAP S/4HANA vulnerability now exploited in attacks - A critical vulnerability in SAP S/4HANA, a widely used enterprise resource planning software, is now actively exploited by attackers. This vulnerability, identified as CVE-2023-34362, allows unauthorized attackers to execute arbitrary commands on ...
2 months ago Bleepingcomputer.com CVE-2023-34362
SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers - The exploitation technique uses HTTP request smuggling to bypass security controls and trigger a memory corruption vulnerability.
6 months ago Cybersecuritynews.com CVE-2023-7629
SAP's April 2024 Updates Patch High-Severity Vulnerabilities - Enterprise software maker SAP on Tuesday announced the release of 10 new and two updated security notes, including three notes that address high-severity vulnerabilities. Of SAP's April 2024 security notes, the most severe addresses a security ...
1 year ago Securityweek.com
Critical SAP S/4HANA Vulnerability CVE-2025-12345 Exposes Enterprises to Remote Code Execution - A critical vulnerability identified as CVE-2025-12345 has been discovered in SAP S/4HANA, a leading enterprise resource planning software. This flaw allows remote attackers to execute arbitrary code, potentially compromising sensitive business data ...
2 months ago Thehackernews.com CVE-2025-12345
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Enterprise software maker SAP on Tuesday announced the release of 14 new and three updated security notes as part of its May 2024 Security Patch Day. Two new and one updated security notes are rated 'hot news', the highest severity in SAP's playbook, ...
1 year ago Securityweek.com CVE-2019-17495 CVE-2022-36364 CVE-2024-33006
SAP S/4HANA Vulnerability Under Attack - A critical vulnerability in SAP S/4HANA systems is currently being actively exploited by threat actors, posing significant risks to enterprises relying on this widely used ERP platform. The vulnerability allows attackers to execute unauthorized ...
2 months ago Darkreading.com CVE-2023-XXXX
SAP S/4HANA Vulnerability Actively Exploited in the Wild - A critical vulnerability in SAP S/4HANA, a widely used enterprise resource planning software, is currently being actively exploited by threat actors. This security flaw allows attackers to execute unauthorized commands and potentially gain control ...
2 months ago Cybersecuritynews.com CVE-2024-12345 Unknown threat actors
SAP Patches Critical Vulnerability in Business Technology Platform - German enterprise software maker SAP on Tuesday announced the release of 15 new and two updated security notes as part of its December 2023 Security Patch Day. Four of the December 2023 security notes have a severity rating of 'hot news', the highest ...
1 year ago Securityweek.com CVE-2023-49583
SAP Security Patch Addresses Privilege Escalation Flaw - SAP is a leading enterprise software suite that integrates various business functions like:-. This renowned enterprise software suite helps organizations to:-. Recently, on a security note, the German multinational software company SAP released a ...
1 year ago Cybersecuritynews.com CVE-2024-21734
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild - Discovered in April 2025 by ReliaQuest security researchers during incident response activities, the vulnerability has already been weaponized in attacks against organizations running even fully-patched SAP installations. Organizations using SAP ...
7 months ago Cybersecuritynews.com CVE-2025-31324
SAP NetWeaver Vulnerability Exposes Critical Systems to Attack - SAP NetWeaver, a widely used technology platform for integrating business processes and databases, has been found to contain a critical security vulnerability. This flaw allows attackers to potentially execute arbitrary code remotely, posing a ...
2 months ago Cybersecuritynews.com CVE-2024-12345
SAP NetWeaver Vulnerabilities: Critical Flaws and Security Risks - SAP NetWeaver, a widely used technology platform for integrating business processes and databases, has been found to contain several critical vulnerabilities that pose significant security risks to enterprises globally. These vulnerabilities, if ...
1 month ago Cybersecuritynews.com CVE-2023-XXXX CVE-2023-YYYY CVE-2024-ZZZZ APT28 Lazarus Group
January Patch Tuesday: New year, more Windows bugs - Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. None of the January CVEs are ...
1 year ago Go.theregister.com CVE-2024-20674 CVE-2024-20700 CVE-2023-49583 CVE-2023-50422 CVE-2023-20193 CVE-2023-20194
Microsoft security bypass bug said to be under exploit - Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too. The bug the IT giant said was ...
1 year ago Go.theregister.com CVE-2024-26234 CVE-2024-29988 CVE-2024-21322 CVE-2023-48784 CVE-2024-23662 CVE-2024-22246
9 Best DDoS Protection Service Providers for 2024 - One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Chinese Hackers Exploit SAP RCE Vulnerability to Upload Supershell Backdoors - A critical remote code execution vulnerability in SAP NetWeaver Visual Composer (CVE-2025-31324) is being actively exploited by a Chinese threat actor to compromise enterprise systems worldwide.
6 months ago Cybersecuritynews.com CVE-2025-31324
Chinese Hackers Exploit SAP NetWeaver 0-Day Vulnerability To Attack Critical Infrastructures - In April 2025, security researchers identified a sophisticated campaign targeting critical infrastructure networks worldwide through a previously unknown vulnerability in SAP NetWeaver Visual Composer. The vulnerability, tracked as CVE-2025-31324, ...
6 months ago Cybersecuritynews.com CVE-2025-31324
SAP’s July 2025 Patch Day - Patch for 27 Vulnerabilities Including 7 Critical One’s - The remaining critical vulnerabilities focus on insecure deserialization issues across SAP NetWeaver Enterprise Portal components, including CVE-2025-42980 in the Federated Portal Network, CVE-2025-42964 in Portal Administration, CVE-2025-42966 in ...
4 months ago Cybersecuritynews.com CVE-2025-42980
Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw - Researchers reported that the threat actors are utilizing webshells with names like "cache.jsp" and "helper.jsp." However, Nextron Research says they are also using random names, making it more difficult to find vulnerable NetWeaver ...
7 months ago Bleepingcomputer.com CVE-2025-31324