Fixes have been issued by enterprise software vendor SAP for 27 security vulnerabilities impacting its various offerings as part of this month's Patch Tuesday, reports SecurityWeek.
Aside from addressing a quartet of critical insecure deserialization flaws in NetWeaver tracked as CVE-2025-42963, CVE-2025-42964, CVE-2025-42966, and CVE-2025-42980 which could be leveraged for app or system compromise and total host system takeovers, SAP has also patched four high-severity bugs in NetWeaver, Business Warehouse, and Business Objects. Moreover, updated security notes have been provided for the SAP Supplier Relationship Management defect, tracked as CVE-2025-30012, which had its severity increased from low to maximum. SAP has also included a fix for a critical S/4HANA and SCM remote code execution flaw, tracked as CVE-2025-42967, which could be abused to facilitate complete SAP system hijacking. Organizations using the vulnerable SAP instances have been advised to promptly implement the newly released updates.
Aside from addressing a quartet of critical insecure deserialization flaws in NetWeaver tracked as CVE-2025-42963, CVE-2025-42964, CVE-2025-42966, and CVE-2025-42980 which could be leveraged for app or system compromise and total host system takeovers, SAP has also patched four high-severity bugs in NetWeaver, Business Warehouse, and Business Objects. Moreover, updated security notes have been provided for the SAP Supplier Relationship Management defect, tracked as CVE-2025-30012, which had its severity increased from low to maximum. SAP has also included a fix for a critical S/4HANA and SCM remote code execution flaw, tracked as CVE-2025-42967, which could be abused to facilitate complete SAP system hijacking. Organizations using the vulnerable SAP instances have been advised to promptly implement the newly released updates.




