- 9/2025
- Critical
SAP has released security updates to address several vulnerabilities affecting multiple products.
SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such SAP NetWeaver ABAP and ABAP Platform, SAP NetWeaver AS for ABAP and ABAP Platform, SAP BusinessObjects Business Intelligence Platform, SAPSetup, SAP Business Workflow, SAP Flexible Workflow, SAP NetWeaver Application Server Java, SAP GUI for Windows and SAP GUI for Java.
The attacker could exploit some of these vulnerabilities to bypass security restrictions, obtain sensitive information, perform cross-site scripting, manipulate data, gain elevated privileges or inject DLL and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform Vulnerability (CVE-2025-0070):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Information Disclosure in SAP NetWeaver AS for ABAP and ABAP Platform Vulenrability (CVE-2025-0066):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2025-0070
- CVE-2025-0066
- CVE-2025-0063
- CVE-2025-0069
- CVE-2025-0058
- CVE-2025-0067
- CVE-2025-0059
- CVE-2025-0053
- CVE-2025-0057
- CVE-2025-0061
- CVE-2025-0060
- CVE-2025-0055
- CVE-2025-0056
- CVE-2025-0068
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.