SAP launched its month-to-month Safety Patch Day replace addressing 14 vital vulnerabilities throughout a number of enterprise merchandise.
The great safety replace consists of patches addressing vital authorization bypass points and cross-site scripting vulnerabilities, with CVSS scores starting from 3.0 to 9.6.
Organizations utilizing SAP enterprise options are strongly suggested to prioritize the implementation of those safety patches to guard their business-critical landscapes from potential exploitation.
Important & Excessive-severity Vulnerabilities Patched
Probably the most extreme vulnerability addressed on this patch cycle is CVE-2025-42989, a lacking authorization test in SAP NetWeaver Software Server for ABAP.
This vital flaw carries a most CVSS rating of 9.6 and impacts KERNEL variations 7.89, 7.93, 9.14, and 9.15.
The vulnerability might probably enable unauthorized entry to delicate enterprise features, making speedy patching important for organizations working these kernel variations.
CVE-2025-42982 represents a high-priority data disclosure vulnerability in SAP GRC (AC Plugin) with a CVSS rating of 8.8.
This safety flaw impacts GRCPINW variations V1100_700 and V1100_731, probably exposing delicate governance, threat, and compliance information to unauthorized customers.
Moreover, CVE-2025-42983 addresses a lacking authorization test in SAP Enterprise Warehouse and SAP Plug-In Foundation, scoring 8.5 on the CVSS scale and affecting a number of variations, together with PI_BASIS 2006_1_700 by 731, 740, and SAP_BW variations 750 by 915.
Medium Severity Vulnerabilities
A number of medium-priority vulnerabilities had been addressed, focusing totally on SAP S/4HANA purposes.
CVE-2025-42993 addresses a lacking authorization test in SAP S/4HANA’s Enterprise Occasion Enablement performance, impacting SAP_GWFND variations 757 and 758, with a CVSS rating of 6.7.
This vulnerability might probably enable unauthorized entry to enterprise occasion processing capabilities.
CVE-2025-31325 addresses a Cross-Web site Scripting vulnerability in SAP NetWeaver’s ABAP Key phrase Documentation, particularly impacting SAP_BASIS model 758 with a CVSS rating of 5.8.
The patch additionally consists of fixes for CVE-2025-42984, which resolves authorization test points in SAP S/4HANA’s Handle Central Buy Contract utility affecting S4CORE variations 106, 107, and 108.
Extra medium-priority patches embody CVE-2025-42998 for safety misconfiguration in SAP Enterprise One Integration Framework and CVE-2025-42987 addressing authorization checks in SAP S/4HANA’s financial institution assertion processing guidelines performance.
Low Severity Vulnerabilities
CVE-2025-42988 addresses Server-Facet Request Forgery in SAP Enterprise Objects Enterprise Intelligence Platform, affecting ENTERPRISE variations 430, 2025, and 2027 with a CVSS rating of three.7.
CVE-2025-42990 resolves HTML injection points in unprotected SAPUI5 purposes throughout a number of UI variations.
SAP strongly recommends that prospects go to the Help Portal instantly to obtain and apply these vital safety patches.
Organizations ought to prioritize patches primarily based on their CVSS scores and the criticality of affected methods inside their enterprise panorama.
Common monitoring of SAP Safety Patch Day releases stays important for sustaining sturdy cybersecurity postures in enterprise environments.
Reside Credential Theft Assault Unmask & Immediate Protection – Free Webinar
