SAP Security Updates – 12 August 2025

SAP has released security updates to address several vulnerabilities affecting multiple SAP products.

SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP S/4HANA, SAP Landscape Transformation, SAP Business One, ABAP Platform, SAP GUI, SAP Cloud, and SAP Fiori applications.

An attacker could exploit some of these vulnerabilities to perform cross-site scripting attacks, gain elevated privileges, obtain sensitive information, bypass security restrictions, manipulate data, or execute arbitrary commands and gain access to the affected product.

Sample of the addressed vulnerabilities:

1. SAP S/4HANA (Private Cloud or On-Premise) Code Injection Vulnerability (CVE-2025-42957):

  • CVSS: 9.9
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Access

2. SAP Business One (SLD) Broken Authorization Vulnerability (CVE-2025-42951):

  • CVSS: 8.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Bypass Security

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

SAP Security Patch Day August 2025

References