SAP© Security Advisories - 03 2025 - Severity Low

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
Relax, this release only contains severity low advisories. None of the 5 corrections ranges higher than CVSS score higher than 3.7.

Severity

SAP© Security advisories 5

System Types

Affected SAP© system types

_{Related note}
3568865

_CVSS
2.4

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-27432] Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit)

Security Advisory

_{Related note}
3561861

_CVSS
3.5

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-27430] Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)

Security Advisory

_{Related note}
3576540

_CVSS
0.0

_{Affected system
type}
BTP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
Open Source Security Advisory: Best Practices for Securing Spring Boot Actuator Endpoints for applications running on BTP

Security Advisory

_{Related note}
3562415

_CVSS
3.7

_{Affected system
type}
SAP Commerce Cloud SAP DataHub

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2024-38819] Multiple vulnerabilities in Spring Framework within SAP Commerce Cloud and SAP Datahub

Security Advisory

_{Related note}
3347991

_CVSS
3.1

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/02/24

Description
[CVE-2025-26655] Missing Authorization check in SAP JIT(Outbound)

Security Advisory

Notifications

Severity

SAP© Security advisories 5

System Types

Affected SAP© system types

Related note 3568865

CVSS 2.4

Affected system type ABAP

Patchday2025-03

Released on2025/03/11

Related note 3561861

CVSS 3.5

Affected system type ABAP

Patchday2025-03

Released on2025/03/11

Related note 3576540

CVSS 0.0

Affected system type BTP

Patchday2025-03

Released on2025/03/11

Related note 3562415

CVSS 3.7

Affected system type SAP Commerce Cloud SAP DataHub

Patchday2025-03

Released on2025/03/11

Related note 3347991

CVSS 3.1

Affected system type ABAP

Patchday2025-03

Released on2025/02/24

_{Related note}
3568865

_CVSS
2.4

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3561861

_CVSS
3.5

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3576540

_CVSS
0.0

_{Affected system
type}
BTP

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3562415

_CVSS
3.7

_{Affected system
type}
SAP Commerce Cloud SAP DataHub

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3347991

_CVSS
3.1

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/02/24