A critical vulnerability in SAP S/4HANA, tracked as CVE-2025-42957, is now being actively exploited, allowing attackers to inject malicious code and fully compromise enterprise systems. Despite patches being available since August 2025, unsecured servers face risks of data theft, ransomware, and operational disruption. Security researchers warn that the flaw's exposure makes reverse-engineering exploits trivial for skilled threat actors.