We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 17 and the highest CVSS score is 10.0.

 

[Charts: Severity of SAP© security advisories (17); affected SAP© system types]

 

| Advisory | CVSS | Affected system type | Exploit available | Patchday | Released on | Description |
|---|---|---|---|---|---|---|
| 3594142 | 10.0 | Java | Yes | 2025-05 | 2025/04/24 | [CVE-2025-31324] Missing Authorization check in SAP NetWeaver (Visual Composer development server) |
| 3587115 | 9.9 | ABAP | | 2025-05 | 2025/04/08 | [CVE-2025-31330] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform) |
| 3600859 | 8.3 | ABAP | | 2025-05 | 2025/05/13 | [CVE-2025-43010] Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise (SCM Master Data Layer (MDL)) |
| 3586013 | 7.9 | BI/BO platform | | 2025-05 | 2025/05/13 | [CVE-2025-43000] Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW) |
| 3483344 | 7.7 | ABAP | | 2025-05 | 2024/07/09 | [CVE-2024-39592] Missing Authorization check in SAP PDCE |
| 3577300 | 6.6 | ABAP | | 2025-05 | 2025/05/13 | [CVE-2025-42997] Information Disclosure vulnerability in SAP Gateway Client |
| 3596033 | 6.4 | ABAP | | 2025-05 | 2025/05/13 | [CVE-2025-43003] Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise) |
| 2719724 | 6.3 | ABAP | | 2025-05 | 2025/05/13 | [CVE-2025-43007] Missing Authorization check in SAP Service Parts Management (SPM) |
| 2491817 | 6.3 | ABAP | | 2025-05 | 2025/05/13 | [CVE-2025-43009] Missing Authorization check in SAP Service Parts Management (SPM) |
| 3577287 | 6.2 | ABAP | | 2025-05 | 2025/05/13 | [CVE-2025-31329] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| 3588455 | 6.1 | Java | | 2025-05 | 2025/05/13 | [CVE-2025-43006] Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) |
| 3571096 | 5.3 | SAP Digital... | | 2025-05 | 2025/05/13 | [CVE-2025-43004] Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard) |
| 3446649 | 4.6 | ABAP | | 2025-05 | 2025/04/22 | [CVE-2025-31328] Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution) |
| 3558755 | 4.4 | SAP Data Services | | 2025-05 | 2025/05/13 | [CVE-2025-26662] Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console |
| 3574520 | 4.3 | SAP GUI / Frontend | | 2025-05 | 2025/05/13 | [CVE-2025-43005] Information Disclosure vulnerability in SAP GUI for Windows |
| 3359825 | 4.3 | ABAP | | 2025-05 | 2025/04/22 | [CVE-2025-31327] OData meta-data property entity tampering in SAP Field Logistics |
| 3227940 | 4.3 | ABAP | | 2025-05 | 2025/05/13 | [CVE-2025-43002] Missing Authorization check in SAP S4/HANA (OData meta-data property) |