CVE-2025-42967 is a critical remote code execution (RCE) vulnerability affecting SAP SE's SAP S/4HANA and SAP Supply Chain Management (SCM) products, specifically within the Characteristic Propagation functionality. The vulnerability is classified under CWE-94, which pertains to improper control of code generation. This flaw allows an attacker with user-level privileges to create a new report containing arbitrary code. Because the vulnerability does not require user interaction and has low attack complexity, an attacker can exploit it remotely over the network. Successful exploitation can lead to full system compromise, granting the attacker the ability to execute arbitrary code with the privileges of the SAP system, thereby impacting confidentiality, integrity, and availability. The affected versions include multiple releases of SCMAPO, S4CORE, S4COREOP, and SCM modules, spanning versions from SCMAPO 713 and 714, S4CORE 102 through 108, and SCM 700 through 712. The CVSS v3.1 base score is 9.9, indicating a critical severity with network attack vector, low complexity, privileges required but no user interaction, and scope change. No known exploits are currently reported in the wild, but the high severity and ease of exploitation make this a significant threat. The lack of published patches at the time of disclosure further increases risk for organizations running affected versions. This vulnerability could be leveraged by malicious insiders or external attackers who have obtained user-level access, enabling them to escalate privileges and execute arbitrary code, potentially leading to data breaches, system manipulation, or denial of service conditions within critical SAP enterprise environments.

For European organizations, the impact of CVE-2025-42967 is substantial due to the widespread use of SAP S/4HANA and SCM in industries such as manufacturing, logistics, finance, and public sector entities. Exploitation could lead to unauthorized access to sensitive business data, disruption of supply chain operations, and manipulation of financial records, severely affecting business continuity and compliance with regulations like GDPR. The ability to execute arbitrary code remotely means attackers could implant persistent backdoors or disrupt critical enterprise resource planning (ERP) functions, causing operational downtime and reputational damage. Given SAP's integral role in many European enterprises' IT infrastructure, this vulnerability poses a high risk to confidentiality, integrity, and availability of business-critical systems. Additionally, the potential for cross-system impact due to SAP's interconnected modules could amplify the damage. The absence of known exploits currently provides a window for proactive mitigation, but the critical severity necessitates urgent attention to prevent exploitation, especially in sectors with stringent regulatory requirements and high-value data assets.

Organizations should immediately identify and inventory all SAP S/4HANA and SCM instances running affected versions. Since no official patches are available at the time of disclosure, interim mitigations include restricting user privileges to the minimum necessary, especially limiting the ability to create or modify reports and execute custom code. Implement strict access controls and monitor for anomalous activities related to report creation or code execution within SAP environments. Employ network segmentation to isolate SAP systems from less trusted networks and enforce strong authentication mechanisms such as multi-factor authentication (MFA) for all SAP user accounts. Regularly review SAP audit logs for suspicious behavior indicative of exploitation attempts. Coordinate with SAP support channels to obtain and apply security patches as soon as they are released. Additionally, consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions capable of detecting unusual code execution patterns within SAP processes. Conduct security awareness training for SAP administrators and users to recognize potential exploitation indicators. Finally, prepare incident response plans tailored to SAP system compromises to ensure rapid containment and recovery.