“This vulnerability could fill in an important gap in an attacker’s arsenal to attack these systems,” he added. “They will still need some credentials, but they could be low-level credentials they found via some other attack.”
Platform complexity leads to potential vulnerabilities
SAP S/4HANA is no stranger to vulnerabilities. In April, for example, a cross-site request forgery vulnerability (CVE-2025-31328) was discovered in S/4HANA’s Learning Solution module. In February, an open redirect vulnerability was found in S/4HANA’s Extended Application (XS) Services Advanced Model (CVE-2025-24868) that allows an unauthenticated attacker to craft a malicious link that redirects an unwitting victim to a malicious website.
Eric Mehler, a Germany-based CISO who blogs on common security vulnerabilities in S/4HANA, has written that the complexity of the platform can introduce potential security vulnerabilities, often due to misconfiguration or oversight. These issues include keeping default SAP accounts that still use default passwords, granting excessive user permissions, allowing unencrypted SAP traffic or traffic over outdated protocols like TLS 1.0, insufficient traffic monitoring and logging, and insecure ABAP programming practices.