We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 19 and the highest CVSS score is 9.9.

 

 Severity
SAP© Security advisories 19
 System Types
Affected SAP© system types

 

Related note
3561861
CVSS
3.5

Affected system type
ABAP
Patchday
2025-04
Released on
2025/03/11

Description
[CVE-2025-27430] Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)

Security Advisory

 

Related note
3565944
CVSS
4.1

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30015] Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

Security Advisory

 

Related note
2927164
CVSS
7.7

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30014] Directory Traversal vulnerability in SAP Capital Yield Tax Management

Security Advisory

 

Related note
3558864
CVSS
4.4

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30017] Missing Authorization check in SAP Solution Manager

Security Advisory

 

Related note
3581811
CVSS
7.7

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-27428] Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)

Security Advisory

 

Related note
3568307
CVSS
5.3

Affected system type
Java
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-26657] Information Disclosure vulnerability in SAP KMC WPC

Security Advisory

 

Related note
3525971
CVSS
4.3

Affected system type
ABAP
Patchday
2025-04
Released on
2024/10/10

Description
[CVE-2025-31333] Odata meta-data tampering in SAP S4CORE entity

Security Advisory

 

Related note
3543274
CVSS
6.8

Affected system type
SAP Commerce Cloud
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-26654] Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)

Security Advisory

 

Related note
3587115
CVSS
9.9

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-31330] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)

Security Advisory

 

Related note
3568778
CVSS
4.3

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-27437] Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)

Security Advisory

 

Related note
3565751
CVSS
6.6

Affected system type
BI/BO platform
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-31332] Insecure File permissions vulnerability in SAP BusinessObjects Business Intelligence Platform

Security Advisory

 

Related note
3590984
CVSS
8.1

Affected system type
SAP Commerce Cloud
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2024-56337] Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat within SAP Commerce Cloud

Security Advisory

 

Related note
3571093
CVSS
6.7

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30013] Code Injection vulnerability in SAP ERP BW Business Content

Security Advisory

 

Related note
3572688
CVSS
9.8

Affected system type
SAP Financial Consolidation
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-30016] Authentication Bypass Vulnerability in SAP Financial Consolidation

Security Advisory

 

Related note
3554667
CVSS
8.5

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-23186] Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

Security Advisory

 

Related note
3559307
CVSS
4.7

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-26653] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

Security Advisory

 

Related note
3577131
CVSS
4.3

Affected system type
ABAP
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-31331] Authorization Bypass vulnerability in SAP NetWeaver

Security Advisory

 

Related note
3539465
CVSS
4.2

Affected system type
SAP Commerce Cloud
Patchday
2025-04
Released on
2025/04/08

Description
[CVE-2025-27435] Information Disclosure Vulnerability in SAP Commerce Cloud

Security Advisory

 

Related note
3525794
CVSS
8.8

Affected system type
BI/BO platform
Patchday
2025-04
Released on
2025/02/11

Description
[CVE-2025-0064] Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)

Security Advisory

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge
Platform
Product

© Copyright 2025 by SecurityBridge GmbH

v37.4