Vulnerability Management, Patch/Configuration Management

Over two dozen SAP vulnerabilities addressed

SAP is a German based multinational software corporation

Fixes have been issued by enterprise software vendor SAP for 27 security vulnerabilities impacting its various offerings as part of this month's Patch Tuesday, reports SecurityWeek.

Aside from addressing a quartet of critical insecure deserialization flaws in NetWeaver tracked as CVE-2025-42963, CVE-2025-42964, CVE-2025-42966, and CVE-2025-42980 which could be leveraged for app or system compromise and total host system takeovers, SAP has also patched four high-severity bugs in NetWeaver, Business Warehouse, and Business Objects. Moreover, updated security notes have been provided for the SAP Supplier Relationship Management defect, tracked as CVE-2025-30012, which had its severity increased from low to maximum. SAP has also included a fix for a critical S/4HANA and SCM remote code execution flaw, tracked as CVE-2025-42967, which could be abused to facilitate complete SAP system hijacking. Organizations using the vulnerable SAP instances have been advised to promptly implement the newly released updates.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds