SAP© Security Advisories - 03 2025 - Severity Medium

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 15 security advices for you to review.

Severity

SAP© Security advisories 15

System Types

Affected SAP© system types

_{Related note}
3549494

_CVSS
4.1

_{Affected system
type}
BI/BO platform

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-23185] Information Disclosure in SAP Business Objects Business Intelligence Platform

Security Advisory

_{Related note}
3557459

_CVSS
4.7

_{Affected system
type}
BI/BO platform

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-0062] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

Security Advisory

_{Related note}
3557469

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-25245] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

Security Advisory

_{Related note}
3561792

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-23194] Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)

Security Advisory

_{Related note}
3567246

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-27431] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

Security Advisory

_{Related note}
3562390

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-25242] Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP

Security Advisory

_{Related note}
3561045

_CVSS
6.8

_{Affected system
type}
SAP Business One

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-26658] Broken Authentication in SAP Business One (Service Layer)

Security Advisory

_{Related note}
3557655

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-26660] Broken Access Control in SAP Fiori apps (Posting Library)

Security Advisory

_{Related note}
3552144

_CVSS
5.7

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-25244] Missing Authorization Check in SAP Business Warehouse (Process Chains)

Security Advisory

_{Related note}
3552824

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-26659] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

Security Advisory

_{Related note}
3558132

_CVSS
4.9

_{Affected system
type}
Kernel

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-0071] Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager

Security Advisory

_{Related note}
3475427

_CVSS
4.3

_{Affected system
type}
SAP Fiori

_Patchday
2025-03

_{Released
on}
2024/08/13

Description
[CVE-2024-41736] Information Disclosure vulnerability in SAP Permit to Work

Security Advisory

_{Related note}
3474392

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-26656] Missing Authorization check in S/4HANA (Manage Purchasing Info Records)

Security Advisory

_{Related note}
3557131

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-23188] Missing Authorization check in SAP S/4HANA (RBD)

Security Advisory

_{Related note}
3565835

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

Description
[CVE-2025-27433] Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)

Security Advisory

Notifications

Severity

SAP© Security advisories 15

System Types

Affected SAP© system types

Related note 3549494

CVSS 4.1

Affected system type BI/BO platform

Patchday2025-03

Released on2025/03/11

Related note 3557459

CVSS 4.7

Affected system type BI/BO platform

Patchday2025-03

Released on2025/03/11

Related note 3557469

CVSS 5.4

Affected system type BI/BO platform

Patchday2025-03

Released on2025/03/11

Related note 3561792

CVSS 5.3

Affected system type Java

Patchday2025-03

Released on2025/03/11

Related note 3567246

CVSS 5.4

Affected system type Java

Patchday2025-03

Released on2025/03/11

Related note 3562390

CVSS 6.1

Affected system type ABAP

Patchday2025-03

Released on2025/03/11

Related note 3561045

CVSS 6.8

Affected system type SAP Business One

Patchday2025-03

Released on2025/03/11

Related note 3557655

CVSS 4.3

Affected system type ABAP

Patchday2025-03

Released on2025/03/11

Related note 3552144

CVSS 5.7

Affected system type ABAP

Patchday2025-03

Released on2025/03/11

Related note 3552824

CVSS 6.1

Affected system type ABAP

Patchday2025-03

Released on2025/03/11

Related note 3558132

CVSS 4.9

Affected system type Kernel

Patchday2025-03

Released on2025/03/11

Related note 3475427

CVSS 4.3

Affected system type SAP Fiori

Patchday2025-03

Released on2024/08/13

Related note 3474392

CVSS 4.3

Affected system type ABAP

Patchday2025-03

Released on2025/03/11

Related note 3557131

CVSS 4.3

Affected system type ABAP

Patchday2025-03

Released on2025/03/11

Related note 3565835

CVSS 4.3

Affected system type ABAP

Patchday2025-03

Released on2025/03/11

_{Related note}
3549494

_CVSS
4.1

_{Affected system
type}
BI/BO platform

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3557459

_CVSS
4.7

_{Affected system
type}
BI/BO platform

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3557469

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3561792

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3567246

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3562390

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3561045

_CVSS
6.8

_{Affected system
type}
SAP Business One

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3557655

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3552144

_CVSS
5.7

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3552824

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3558132

_CVSS
4.9

_{Affected system
type}
Kernel

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3475427

_CVSS
4.3

_{Affected system
type}
SAP Fiori

_Patchday
2025-03

_{Released
on}
2024/08/13

_{Related note}
3474392

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3557131

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11

_{Related note}
3565835

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-03

_{Released
on}
2025/03/11