Just in time for the monthly Patch Day, SAP has published 26 security advisories, four of which are classified as particularly critical. The most serious vulnerability has a CVSS score of 9.9 and affects S/4HANA installations.
For Security Patch Day in August 2025, the Walldorf-based enterprise software giant published 15 new security notes and updated four existing ones. Onapsis, a company specializing in SAP security, counts a total of 26 new and revised fixes made available since the previous Patch Tuesday.
Critical code injection vulnerabilities fixed
SAP classifies four of the patches as “Hot News”, its highest priority level – two of them are new, two are updates to existing fixes. The new critical patches address CVE-2025-42950 and CVE-2025-42957, which Onapsis describes as code injection vulnerabilities.
Both vulnerabilities allow an attacker to execute arbitrary code and thus fully compromise the affected system. According to Onapsis, it is the same underlying flaw, assigned separate CVE numbers because it affects different products: CVE-2025-42957 affects the S/4HANA ERP software, while CVE-2025-42950 affects the older ERP Central Component (ECC).
Further high-priority fixes
Other high-priority patches include a broken authorization check in SAP Business One (CVE-2025-42951), which can grant administrator rights to an authenticated attacker. In addition, memory corruption bugs in NetWeaver Application Server ABAP (CVE-2025-42976) have been fixed; they could lead to information disclosure.
The other new vulnerabilities with “low” or “medium” priority concern S/4HANA, NetWeaver, the ABAP Platform, Cloud Connector and other products.
Quick installation recommended
Companies should install the available updates promptly, as SAP vulnerabilities are regularly exploited by cyber criminals. Only recently, SAP customers were warned about a NetWeaver zero-day that had been patched in April but had been actively exploited since January. NetWeaver vulnerabilities are popular with ransomware groups and cyber espionage actors alike.
(lb/Onapsis)