- 56/2025
- High
SAP has released security updates to address several vulnerabilities affecting multiple SAP products.
SAP has released security updates to address vulnerabilities affecting SAP Commerce (Swagger UI), SAP Business One, SAP Business Warehouse, and SAP NetWeaver (ABAP Class Builder).
The attacker could exploit some of theses vulnerabilities to perform cross-site scripting attacks or gain elevated privileges leading to potential data theft, data manipulation, or service disruption.
Sample of the addressed vulnerabilities:
1. SAP Commerce (Swagger UI) Cross-Site Scripting Vulnerability (CVE-2025- 27434):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
2. SAP NetWeaver (ABAP Class Builder) Missing Authorization Check Vulnerability (CVE-2025-26661):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privilege
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.