CVE-2025-42950 is a critical code injection vulnerability classified under CWE-94, affecting SAP Landscape Transformation (SLT), an analysis platform used for real-time data replication and transformation in SAP environments. The vulnerability resides in a function module exposed via Remote Function Call (RFC) interfaces, which are commonly used for inter-system communication in SAP landscapes. An attacker possessing valid user privileges can exploit this flaw to inject arbitrary ABAP code into the system. This injection bypasses essential authorization checks, which normally restrict code execution privileges, effectively creating a backdoor within the SAP system. The injected code can execute with elevated privileges, enabling the attacker to manipulate data, disrupt operations, or gain persistent control over the system. The affected versions include multiple releases from DMIS 2011_1_700 through 2020, indicating a broad impact across several SAP SLT deployments. The vulnerability has a CVSS 3.1 base score of 9.9, reflecting its critical nature, with network attack vector, low attack complexity, and requiring only privileges but no user interaction. The scope is changed, meaning the vulnerability affects components beyond the initially compromised user context. Although no exploits have been reported in the wild yet, the potential for severe damage is high given the nature of SAP systems as enterprise backbones. The vulnerability undermines confidentiality, integrity, and availability of data and services, posing a significant risk to organizations relying on SAP SLT for data transformation and replication.

The impact of CVE-2025-42950 is severe for organizations worldwide that utilize SAP Landscape Transformation. Exploitation can lead to full system compromise, allowing attackers to execute arbitrary code with elevated privileges. This can result in unauthorized data access, data manipulation, disruption of business processes, and potential lateral movement within the enterprise network. Given SAP's critical role in enterprise resource planning (ERP), finance, supply chain, and other core business functions, a successful attack could cause significant operational downtime, financial loss, regulatory non-compliance, and reputational damage. The vulnerability's ability to bypass authorization checks increases the risk of insider threats or compromised user accounts being leveraged for attacks. The broad range of affected versions means many organizations may be exposed, especially those with delayed patching cycles. The absence of known exploits in the wild currently provides a window for proactive defense, but the critical severity score indicates that exploitation would have devastating consequences.

1. Immediate mitigation should focus on restricting access to the vulnerable RFC function modules by implementing strict authorization checks and network-level segmentation to limit exposure. 2. Monitor SAP system logs and RFC call activity for unusual or unauthorized code execution attempts. 3. Apply SAP security notes and patches as soon as they are released by SAP for the affected SLT versions. 4. Enforce the principle of least privilege by reviewing and minimizing user privileges, especially for accounts with RFC access. 5. Implement multi-factor authentication (MFA) for SAP user accounts to reduce the risk of credential compromise. 6. Conduct regular security audits and vulnerability assessments focused on SAP environments to detect misconfigurations or unauthorized changes. 7. Employ runtime application self-protection (RASP) or SAP-specific security tools that can detect and block abnormal ABAP code execution. 8. Establish incident response plans tailored to SAP system compromises to enable rapid containment and recovery. 9. Educate SAP administrators and users about the risks of this vulnerability and best practices for secure SAP operations. These steps go beyond generic advice by focusing on SAP-specific controls, proactive monitoring, and rapid patch management.