- 98/2025
- Critical
SAP has released security updates to address several vulnerabilities affecting multiple SAP products.
SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP Supplier Relationship Management, SAP Business Objects Business Intelligence Platform, SAP PDCE, SAP Service Parts Management (SPM), and SAP Landscape Transformation.
The attacker could exploit some of these vulnerabilities to perform cross-site scripting attacks, obtain sensitive information, or gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Insecure Deserialization in SAP NetWeaver (Visual Composer Development Server) Vulnerability (CVE-2025-42999):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. SAP Supplier Relationship Management (Live Auction Cockpit) Obtain Information Vulnerability (CVE-2025-30018):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.