CVE-2025-42880

Name of the Vulnerable Software and Affected Versions SAP Solution Manager (affected versions not specified)

Description SAP Solution Manager is susceptible to a code injection issue stemming from inadequate input sanitation. An authenticated attacker can inject malicious code when invoking a remote-enabled function module. Successful exploitation could grant the attacker complete control over the system, potentially compromising the confidentiality, integrity, and availability of the system. Real-world exploitation of this issue has been reported, with one account detailing a critical situation where a remote code execution (RCE) vulnerability in SAP Solution Manager led to a significant security incident. The vulnerability resides in the lack of proper validation of inputs to remote-enabled function modules, allowing for the execution of arbitrary code. The vulnerable component is a remote-enabled function module.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.