- 224/2025
- Critical
SAP has released security updates to address several vulnerabilities affecting multiple SAP products.
SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP S/4HANA, SAP Supplier Relationship Management, SAP NetWeaver Application Server ABAP, SAP BusinessObjects, SAP Print Service, and SAP Commerce Cloud.
The attacker could exploit some of these vulnerabilities to perform denial of service attacks, conduct cross-site request forgery (CSRF), obtain sensitive information, bypass security restrictions, manipulate system files, execute arbitrary commands/codes, and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. SAP Print Service Directory Traversal Vulnerability (CVE-2025-42937):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: File Manipulation
2. SAP Supplier Relationship Management Unrestricted File Upload Vulnerability (CVE-2025-42910):
- CVSS: 9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.