Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
Critical

Code injection in SAP Solution Manager remote-enabled function module

IdentifiersCVE-2025-42880CWE-94· Improper Control of Generation of…

CVE-2025-42880 is a critical code injection vulnerability in SAP Solution Manager caused by missing/improper input sanitization. An authenticated attacker can supply crafted input when invoking a remote-enabled function module (RFC-enabled) such that attacker-controlled data is incorporated into generated/executed code, enabling injection of malicious code. The issue is remotely exploitable over the network and, per the provided CVSS vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), can lead to full compromise of the Solution Manager system and potentially broader SAP landscape administration capabilities.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can result in full control of the SAP Solution Manager system, with high impact to confidentiality, integrity, and availability (including administrative-level access within the SAP enterprise landscape).

Mitigation

If you can’t patch tonight, do this now.

Until patching is complete: restrict access to the affected remote-enabled function modules/RFC interfaces to only required principals and network locations; enforce least privilege for accounts able to invoke RFC-enabled modules; increase monitoring for anomalous RFC/function-module invocation and suspicious payload patterns indicative of code injection attempts.

Remediation

Patch, then assume compromise.

Apply SAP’s December 9, 2025 security update/security note that patches CVE-2025-42880 for SAP Solution Manager (noted in the content as SAP note #3668705 / December 2025 HotNews).
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

28 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

28 SOURCESView more in app
checkpoint research blogNews
Dec 15, 2025
15th December - Threat Intelligence Report - Check Point Research

A critical SAP Solution Manager code injection vulnerability (CVSS 9.9) for which SAP released patches.

Read more
the hacker newsNews
Dec 10, 2025
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

A code injection vulnerability in SAP Solution Manager that enables an authenticated attacker to inject arbitrary code via a remote-enabled function module.

Read more
the hacker newsNews
Dec 10, 2025
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

A code injection vulnerability in SAP Solution Manager allows an authenticated attacker to inject arbitrary code via a remote-enabled function module.

Read more
cvefeed high severityNews
Dec 9, 2025
CVE-2025-42880 - Code Injection vulnerability in SAP Solution Manager

A critical code injection vulnerability in SAP Solution Manager that allows an authenticated attacker to execute arbitrary code via remote-enabled function modules, potentially leading to full system compromise.

Read more
+4 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity20

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-42880
NVD
nvd.nist.gov/vuln/detail/CVE-2025-42880
MITRE CWE · CWE-94
Improper Control of Generation of Code ('Code…
me.sap.com
me.sap.com/notes/3685270
url.sap
url.sap/sapsecuritypatchday