We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories give SAP users valuable insight into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 24, and the highest CVSS score is 10.0.


3660659
CVSS 10.0
Affected system type Java
Patchday 2025-11
Released on 2025/10/14
Description [CVE-2025-42944] Security Hardening for Insecure Deserialization in SAP NetWeaver AS Java

3666261
CVSS 10.0
Affected system type Sybase platform
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42890] Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)

3647332
CVSS 9.0
Affected system type ABAP
Patchday 2025-11
Released on 2025/10/14
Description [CVE-2025-42910] Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management

3664466
CVSS 7.5
Affected system type SAP Commerce Cloud
Patchday 2025-11
Released on 2025/10/14
Description [CVE-2025-5115] Denial of service (DOS) in SAP Commerce Cloud (Search and Navigation)

3633049
CVSS 7.5
Affected system type ABAP Java HANA platform
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42940] Memory Corruption vulnerability in SAP CommonCryptoLib

3643385
CVSS 6.9
Affected system type SAP HANA Client
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42895] Code Injection vulnerability in SAP HANA JDBC Client

3666038
CVSS 6.8
Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42894] Path Traversal vulnerability in SAP Business Connector

3665900
CVSS 6.8
Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42892] OS Command Injection vulnerability in SAP Business Connector

3660969
CVSS 6.5
Affected system type Java
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42884] JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal

3662000
CVSS 6.1
Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42893] Open Redirect vulnerability in SAP Business Connector

3665907
CVSS 6.1
Affected system type SAP Business Connector
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42886] Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector

3642398
CVSS 6.1
Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42924] Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP)

3597355
CVSS 6.1
Affected system type ABAP
Patchday 2025-11
Released on 2025/08/12
Description [CVE-2025-42942] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP

3639264
CVSS 5.8
Affected system type SAP HANA Platform
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42885] Missing authentication in SAP HANA 2.0 (hdbrss)

3651097
CVSS 5.5
Affected system type SAP GUI / Frontend
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42888] Information Disclosure vulnerability in SAP GUI for Windows

2886616
CVSS 5.4
Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42889] SQL Injection vulnerability in SAP Starter Solution (PL SAFT)

3643603
CVSS 5.3
Affected system type Java
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42919] Information Disclosure vulnerability in SAP NetWeaver Application Server Java

3652901
CVSS 5.3
Affected system type SAP Business One
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42897] Information Disclosure vulnerability in SAP Business One (SLD)

3627644
CVSS 5.0
Affected system type ABAP
Patchday 2025-11
Released on 2025/09/09
Description [CVE-2025-42911] Missing Authorization check in SAP NetWeaver (Service Data Download)

3530544
CVSS 4.3
Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42899] Missing Authorization check in SAP S4CORE (Manage Journal Entries)

3643337
CVSS 4.3
Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42882] Missing Authorization check in SAP NetWeaver Application Server for ABAP

3617142
CVSS 3.5
Affected system type BI/BO platform
Patchday 2025-11
Released on 2025/10/14
Description [CVE-2025-31672] Deserialization Vulnerability in SAP BusinessObjects (Web Intelligence and Platform Search)

3426825
CVSS 3.1
Affected system type ABAP
Patchday 2025-11
Released on 2025/02/11
Description [CVE-2025-23191] Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP

3634053
CVSS 2.7
Affected system type ABAP
Patchday 2025-11
Released on 2025/11/11
Description [CVE-2025-42883] Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)