We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!
Yikes, there is work to do!
This time we found critical correction advisories. We count 20 and the highest CVSS score is 10.0.

 

[Chart: Severity. SAP© Security advisories: 20]
[Chart: System Types. Affected SAP© system types]

 

Related note
3581961
CVSS
9.9

Affected system type
ABAP
Patchday
2025-05
Released on
2025/04/08

Description
[CVE-2025-27429] Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

 

Related note
3359825
CVSS
4.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/04/22

Description
[CVE-2025-31327] OData meta-data property entity tampering in SAP Field Logistics

 

Related note
3558755
CVSS
4.4

Affected system type
SAP Data Services
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-26662] Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console

 

Related note
2491817
CVSS
6.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43009] Missing Authorization check in SAP Service Parts Management (SPM)

 

Related note
3574520
CVSS
4.3

Affected system type
SAP GUI / Frontend
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43005] Information Disclosure vulnerability in SAP GUI for Windows

 

Related note
3577300
CVSS
6.6

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-42997] Information Disclosure vulnerability in SAP Gateway Client

 

Related note
3578900
CVSS
8.6

Affected system type
Java
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-30018] Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

 

Related note
3596033
CVSS
6.4

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43003] Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise)

 

Related note
3227940
CVSS
4.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43002] Missing Authorization check in SAP S4/HANA (OData meta-data property)

 

Related note
2719724
CVSS
6.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43007] Missing Authorization check in SAP Service Parts Management (SPM)

 

Related note
3586013
CVSS
7.9

Affected system type
BI/BO platform
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43000] Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)

 

Related note
3587115
CVSS
9.9

Affected system type
ABAP
Patchday
2025-05
Released on
2025/04/08

Description
[CVE-2025-31330] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)

 

Related note
3446649
CVSS
4.6

Affected system type
ABAP
Patchday
2025-05
Released on
2025/04/22

Description
[CVE-2025-31328] Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution)

 

Related note
3577287
CVSS
6.2

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-31329] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

 

Related note
3604119
CVSS
9.1

Affected system type
Java
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-42999] Insecure Deserialization in SAP NetWeaver (Visual Composer development server)

 

Related note
3588455
CVSS
6.1

Affected system type
Java
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43006] Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)

 

Related note
3571096
CVSS
5.3

Affected system type
SAP Digital...
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43004] Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard)

 

Related note
3594142
CVSS
10.0

Affected system type
Java
Exploit available
Patchday
2025-05
Released on
2025/04/24

Description
[CVE-2025-31324] Missing Authorization check in SAP NetWeaver (Visual Composer development server)

 

Related note
3483344
CVSS
7.7

Affected system type
ABAP
Patchday
2025-05
Released on
2024/07/09

Description
[CVE-2024-39592] Missing Authorization check in SAP PDCE

 

Related note
3600859
CVSS
8.3

Affected system type
ABAP
Patchday
2025-05
Released on
2025/05/13

Description
[CVE-2025-43010] Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise (SCM Master Data Layer (MDL))

 

 

SecurityBridge helps prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses make their SAP systems more secure.

SecurityBridge

© Copyright 2025 by SecurityBridge GmbH

v37.4