CVE-2025-42950 is a critical vulnerability identified in SAP Landscape Transformation (SLT), a component of the SAP Analysis Platform. The vulnerability arises from improper control over the generation of code (CWE-94) within a function module exposed via Remote Function Call (RFC). An attacker possessing user-level privileges can exploit this flaw to inject arbitrary ABAP code into the system. This injection bypasses essential authorization checks, effectively creating a backdoor that can lead to full system compromise. The vulnerability impacts multiple versions of SLT, including DMIS 2011_1_700 through 2011_1_752 and the 2020 release. The CVSS v3.1 score of 9.9 reflects the critical nature of this vulnerability, highlighting its network attack vector, low attack complexity, requirement of low privileges, no user interaction, and a scope change that affects confidentiality, integrity, and availability at a high level. Exploitation could allow attackers to execute arbitrary code, manipulate or exfiltrate sensitive data, disrupt system operations, and potentially pivot to other parts of the enterprise network. Although no known exploits are currently reported in the wild, the severity and ease of exploitation make it a significant threat to organizations using affected SAP SLT versions.

For European organizations, the impact of CVE-2025-42950 is substantial due to the widespread use of SAP systems in critical sectors such as manufacturing, finance, healthcare, and public administration. Exploitation could lead to unauthorized access to sensitive business data, intellectual property theft, disruption of business processes, and potential regulatory non-compliance under GDPR due to data breaches. The ability to inject arbitrary ABAP code means attackers could manipulate financial records, alter supply chain data, or disrupt analytics and reporting functions, causing operational and reputational damage. Given SAP’s integral role in enterprise resource planning (ERP) and business intelligence, this vulnerability could also facilitate lateral movement within networks, increasing the risk of broader compromise. The criticality of this vulnerability necessitates urgent attention to prevent potential large-scale impacts on European businesses and public sector entities.

To mitigate CVE-2025-42950, organizations should immediately identify and isolate affected SAP SLT instances. Since no official patch links are currently available, organizations should engage with SAP support for guidance and monitor for forthcoming security updates. In the interim, restrict access to the vulnerable RFC function modules to only highly trusted and essential users, implementing strict network segmentation and firewall rules to limit exposure. Employ SAP’s security audit logs and monitoring tools to detect anomalous ABAP code execution or unauthorized access attempts. Conduct thorough privilege reviews to minimize user privileges and enforce the principle of least privilege. Additionally, implement multi-factor authentication (MFA) for SAP user accounts and enhance monitoring for suspicious activities within SAP environments. Organizations should also prepare incident response plans specific to SAP system compromises and consider deploying application-layer firewalls or runtime application self-protection (RASP) solutions where feasible to detect and block malicious code injections.