- 196/2025
- Critical
SAP has released security updates to address several vulnerabilities affecting multiple SAP products.
SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP S/4HANA, SAP Landscape Transformation, SAP Business One, ABAP Platform, SAP Cloud, SAP BusinessObjects Business Intelligence Platform, and SAP Supplier Relationship Management.
The attacker could exploit some of these vulnerabilities to perform cross-site scripting attacks, gain elevated privileges, obtain sensitive information, bypass security restrictions, manipulate data, execute arbitrary commands/codes, and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. SAP Netweaver (RMI-P4) Insecure Deserialization Vulnerability (CVE-2025- 42944):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. SAP NetWeaver Missing Authentication Check Vulnerability (CVE-2025-42958):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Data Manipulation
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.