
CVE-2025-30013: CWE-94: Improper Control of Generation of Code in SAP_SE SAP ERP BW Business Content

Severity: Medium
Tags: Vulnerability, CVE-2025-30013, cve, cwe-94
Published: Tue Apr 08 2025 (04/08/2025, 07:14:07 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAP ERP BW Business Content

Description

SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing an attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintended commands on the underlying system, posing a significant security risk to the confidentiality, integrity and availability of the application.

AI-Powered Analysis

Last updated: 02/26/2026, 20:01:09 UTC

Technical Analysis

CVE-2025-30013 is a vulnerability in SAP ERP BW Business Content, specifically affecting versions BI_CONT 707, 737, 747, and 757. The root cause is improper control of code generation (CWE-94), which manifests as an OS command injection vulnerability in certain SAP function modules. These modules, when executed with elevated privileges, do not properly sanitize or validate user input, allowing an attacker to inject arbitrary operating system commands. An attacker who already holds high privileges can therefore execute unintended commands on the underlying host, potentially leading to full system compromise. The vulnerability has a CVSS 3.1 base score of 6.7 (medium severity): attack vector local, attack complexity low, privileges required high, no user interaction, and confidentiality, integrity, and availability impacts all rated high. Although no exploits have been reported in the wild, the vulnerability poses a significant risk because of the critical role SAP ERP systems play in enterprise environments. With no patch available at the time of publication, immediate mitigation through access control and monitoring is necessary. The affected components are core business content used in SAP ERP BW, which is widely deployed in large organizations for business intelligence and data warehousing.

Potential Impact

Exploitation of CVE-2025-30013 can have severe consequences for organizations relying on SAP ERP BW Business Content. Successful command injection allows execution of arbitrary OS commands, which an attacker could use to escalate privileges, manipulate or exfiltrate sensitive business data, disrupt business processes, or deploy further malware. The confidentiality of critical enterprise data is at risk, as is the integrity of business intelligence outputs and the availability of SAP services. Given SAP ERP's central role in many organizations' operations, such a compromise can result in operational downtime, financial losses, regulatory non-compliance, and reputational damage. The requirement for elevated privileges limits the attack surface, but it also means that insider threats or compromised administrative accounts could be used to exploit this vulnerability. The absence of known exploits currently reduces immediate risk but does not eliminate the potential for future exploitation, especially since threat actors often target SAP systems for their strategic value.

Mitigation Recommendations

Organizations should implement the following specific mitigations:

1) Restrict access to SAP function modules that handle user input and require elevated privileges, ensuring only trusted administrators have execution rights.
2) Monitor and audit usage of these function modules for unusual or unauthorized activity.
3) Apply SAP security notes and patches promptly once released for the affected versions (BI_CONT 707, 737, 747, 757).
4) Employ application-level input validation and sanitization where possible to prevent injection of malicious commands.
5) Harden the underlying operating system hosting SAP ERP BW by restricting command execution permissions and employing host-based intrusion detection systems.
6) Conduct regular security assessments and penetration testing focused on SAP environments to detect potential exploitation attempts.
7) Implement network segmentation to isolate SAP systems from less trusted networks, limiting lateral movement in case of compromise.
8) Educate SAP administrators on secure configuration and the risks associated with elevated privilege misuse.

These measures go beyond generic advice by focusing on controlling access to vulnerable function modules, monitoring their use, and hardening both SAP and OS layers.


Technical Details

Data Version: 5.2
Assigner Short Name: sap
Date Reserved: 2025-03-13T18:03:35.488Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69a0a1c385912abc71d0b6be

Added to database: 2/26/2026, 7:40:51 PM

Last enriched: 2/26/2026, 8:01:09 PM

Last updated: 2/26/2026, 11:17:28 PM

