Cyber Web Spider Blog – News
SAP Security Update – Patch for Critical Vulnerabilities Allowing Code Execution and Injection Attacks

Posted on November 11, 2025 by CWS

SAP released its monthly Security Patch Day updates, addressing 18 new security notes and providing two updates to existing ones, with a focus on vulnerabilities that could allow remote code execution and various injection attacks across its product ecosystem.

These patches are important for enterprises relying on SAP systems, as unpatched flaws could expose sensitive data to threat actors and cause operational disruptions.

SAP urges customers to prioritize applying these fixes via the Support Portal to safeguard their landscapes from potential exploits.

Critical Vulnerabilities Patched

Among the most severe issues is CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI), version 17.0, which stems from insecure key and secret management practices.

This critical vulnerability, scored at CVSS 10.0, allows unauthenticated attackers over the network to compromise confidentiality, integrity, and availability with high impact, potentially leading to full system takeover through exposed credentials.

Similarly, an update to CVE-2025-42944 in SAP NetWeaver AS Java (SERVERCORE 7.50) reinforces protections against insecure deserialization; the flaw retains its CVSS 10.0 rating and enables unauthenticated remote code execution via malicious payloads.

Security experts highlight that such deserialization flaws have been exploited in the wild, underscoring the urgency of prompt patching.

Another high-impact flaw, CVE-2025-42887 in SAP Solution Manager (ST 720), is a code injection vulnerability exploitable by authenticated users with low privileges, earning a CVSS score of 9.9.

Attackers could leverage this to achieve cross-scope escalation, executing arbitrary code and disrupting core business functions. This aligns with broader trends in SAP vulnerabilities, where injection attacks target foundational components, amplifying risks in enterprise environments.

The patch day also tackles several injection-related issues at medium severity, including CVE-2025-42892, an OS command injection in SAP Business Connector (version 4.8), CVSS 6.8, which could allow high-privileged adjacent attackers to run unauthorized commands.

CVE-2025-42884 involves JNDI injection in SAP NetWeaver Enterprise Portal (EP-BASIS 7.50), potentially leading to unauthorized lookups and data leaks, rated at CVSS 6.5.

Additionally, CVE-2025-42889 addresses SQL injection in SAP Starter Solution (PL SAFT) across various versions, enabling low-privileged users to manipulate database queries.

High-severity notes include CVE-2025-42940, a memory corruption issue in SAP CommonCryptoLib (version 8) with CVSS 7.5, which could cause denial of service without authentication.

Medium-priority fixes cover path traversal (CVE-2025-42894), open redirects (CVE-2025-42924), reflected XSS (CVE-2025-42886), and missing authentication (CVE-2025-42885) in components such as SAP HANA 2.0 and Business One. Lower-severity updates address missing authorizations and cache poisoning in S/4HANA and Fiori.

SAP November 2025 Vulnerability Details

The following table summarizes the 18 new and 2 updated security notes from SAP's November 2025 Patch Day, including note numbers, associated CVEs, vulnerability titles, affected products, versions, priorities, and CVSS v3.0 scores.

| Note# | CVE | Title | Product | Version(s) | Priority | CVSS |
|---|---|---|---|---|---|---|
| 3666261 | CVE-2025-42890 | Insecure Key & Secret Management vulnerability in SQL Anywhere Monitor (Non-GUI) | SQL Anywhere Monitor (Non-GUI) | SYBASE_SQL_ANYWHERE_SERVER 17.0 | Critical | 10.0 |
| 3660659 (Update) | CVE-2025-42944 | Security Hardening for Insecure Deserialization in SAP NetWeaver AS Java | SAP NetWeaver AS Java | SERVERCORE 7.50 | Critical | 10.0 |
| 3668705 | CVE-2025-42887 | Code Injection vulnerability in SAP Solution Manager | SAP Solution Manager | ST 720 | Critical | 9.9 |
| 3633049 | CVE-2025-42940 | Memory Corruption vulnerability in SAP CommonCryptoLib | SAP CommonCryptoLib | CRYPTOLIB 8 | High | 7.5 |
| 3643385 | CVE-2025-42895 | Code Injection vulnerability in SAP HANA JDBC Client | SAP HANA JDBC Client | HDB_CLIENT 2.0 | Medium | 6.9 |
| 3665900 | CVE-2025-42892 | OS Command Injection vulnerability in SAP Business Connector | SAP Business Connector | SAP BC 4.8 | Medium | 6.8 |
| 3666038 | CVE-2025-42894 | Path Traversal vulnerability in SAP Business Connector | SAP Business Connector | SAP BC 4.8 | Medium | 6.8 |
| 3660969 | CVE-2025-42884 | JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal | EP-BASIS 7.50, EP-RUNTIME 7.50 | Medium | 6.5 |
| 3642398 | CVE-2025-42924 | Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP) | SAP S/4HANA landscape (SAP E-Recruiting BSP) | S4ERECRT 100, 200, ERECRUIT 600, 603, 604, 605, 606, 616, 617, 800, 801, 802 | Medium | 6.1 |
| 3662000 | CVE-2025-42893 | Open Redirect vulnerability in SAP Business Connector | SAP Business Connector | SAP BC 4.8 | Medium | 6.1 |
| 3665907 | CVE-2025-42886 | Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector | SAP Business Connector | SAP BC 4.8 | Medium | 6.1 |
| 3639264 | CVE-2025-42885 | Missing authentication in SAP HANA 2.0 (hdbrss) | SAP HANA 2.0 (hdbrss) | HDB 2.00 | Medium | 5.8 |
| 3651097 | CVE-2025-42888 | Information Disclosure vulnerability in SAP GUI for Windows | SAP GUI for Windows | BC-FES-GUI 8.00, 8.10 | Medium | 5.5 |
| 2886616 | CVE-2025-42889 | SQL Injection vulnerability in SAP Starter Solution (PL SAFT) | SAP Starter Solution (PL SAFT) | SAP_APPL 600, 602, 603, 604, 605, 606, 616, SAP_FIN 617, 618, 700, 720, 730, S4CORE 100, 101, 102, 103, 104 | Medium | 5.4 |
| 3643603 | CVE-2025-42919 | Information Disclosure vulnerability in SAP NetWeaver Application Server Java | SAP NetWeaver Application Server Java | ENGINEAPI 7.50, EP-BASIS 7.50 | Medium | 5.3 |
| 3652901 | CVE-2025-42897 | Information Disclosure vulnerability in SAP Business One (SLD) | SAP Business One (SLD) | B1_ON_HANA 10.0, SAP-M-BO 10.0 | Medium | 5.3 |
| 3530544 | CVE-2025-42899 | Missing Authorization check in SAP S4CORE (Manage Journal Entries) | SAP S4CORE (Manage Journal Entries) | S4CORE 104, 105, 106, 107, 108 | Medium | 4.3 |
| 3643337 | CVE-2025-42882 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 816 | Medium | 4.3 |
| 3426825 (Update) | CVE-2025-23191 | Cache Poisoning via header manipulation vulnerability in SAP Fiori for SAP ERP | SAP Fiori for SAP ERP | SAP_GWFND 740, 750, 751, 752, 753, 754, 755, 756, 757, 758 | Low | 3.1 |
| 3634053 | CVE-2025-42883 | Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench) | SAP NetWeaver Application Server for ABAP (Migration Workbench) | SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 816 | Low | 2.7 |

These vulnerabilities highlight ongoing challenges in SAP's legacy and modern stacks, where code execution paths remain prime targets for advanced persistent threats.

Enterprises should conduct vulnerability scans, segment networks, and test patches in staging before production rollout to mitigate risks. By addressing these flaws promptly, organizations can maintain resilience against evolving cyber threats in mission-critical SAP deployments.
