SAP© Security Advisories - 04 2025 - Severity Medium

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 11 security advices for you to review.

Severity

SAP© Security advisories 11

System Types

Affected SAP© system types

_{Related note}
3565944

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-30015] Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

Security Advisory

_{Related note}
3558864

_CVSS
4.4

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-30017] Missing Authorization check in SAP Solution Manager

Security Advisory

_{Related note}
3568307

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-26657] Information Disclosure vulnerability in SAP KMC WPC

Security Advisory

_{Related note}
3525971

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2024/10/10

Description
[CVE-2025-31333] Odata meta-data tampering in SAP S4CORE entity

Security Advisory

_{Related note}
3543274

_CVSS
6.8

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-26654] Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)

Security Advisory

_{Related note}
3568778

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-27437] Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)

Security Advisory

_{Related note}
3565751

_CVSS
6.6

_{Affected system
type}
BI/BO platform

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-31332] Insecure File permissions vulnerability in SAP BusinessObjects Business Intelligence Platform

Security Advisory

_{Related note}
3571093

_CVSS
6.7

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-30013] Code Injection vulnerability in SAP ERP BW Business Content

Security Advisory

_{Related note}
3559307

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-26653] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

Security Advisory

_{Related note}
3577131

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-31331] Authorization Bypass vulnerability in SAP NetWeaver

Security Advisory

_{Related note}
3539465

_CVSS
4.2

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-04

_{Released
on}
2025/04/08

Description
[CVE-2025-27435] Information Disclosure Vulnerability in SAP Commerce Cloud

Security Advisory

Notifications

Severity

SAP© Security advisories 11

System Types

Affected SAP© system types

Related note 3565944

CVSS 4.1

Affected system type ABAP

Patchday2025-04

Released on2025/04/08

Related note 3558864

CVSS 4.4

Affected system type ABAP

Patchday2025-04

Released on2025/04/08

Related note 3568307

CVSS 5.3

Affected system type Java

Patchday2025-04

Released on2025/04/08

Related note 3525971

CVSS 4.3

Affected system type ABAP

Patchday2025-04

Released on2024/10/10

Related note 3543274

CVSS 6.8

Affected system type SAP Commerce Cloud

Patchday2025-04

Released on2025/04/08

Related note 3568778

CVSS 4.3

Affected system type ABAP

Patchday2025-04

Released on2025/04/08

Related note 3565751

CVSS 6.6

Affected system type BI/BO platform

Patchday2025-04

Released on2025/04/08

Related note 3571093

CVSS 6.7

Affected system type ABAP

Patchday2025-04

Released on2025/04/08

Related note 3559307

CVSS 4.7

Affected system type ABAP

Patchday2025-04

Released on2025/04/08

Related note 3577131

CVSS 4.3

Affected system type ABAP

Patchday2025-04

Released on2025/04/08

Related note 3539465

CVSS 4.2

Affected system type SAP Commerce Cloud

Patchday2025-04

Released on2025/04/08

_{Related note}
3565944

_CVSS
4.1

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3558864

_CVSS
4.4

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3568307

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3525971

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2024/10/10

_{Related note}
3543274

_CVSS
6.8

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3568778

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3565751

_CVSS
6.6

_{Affected system
type}
BI/BO platform

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3571093

_CVSS
6.7

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3559307

_CVSS
4.7

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3577131

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-04

_{Released
on}
2025/04/08

_{Related note}
3539465

_CVSS
4.2

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-04

_{Released
on}
2025/04/08