SAP© Security Advisories - 06 2025 - Severity Medium

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 7 security advices for you to review.

Severity

SAP© Security advisories 7

System Types

Affected SAP© system types

_{Related note}
3580384

_CVSS
6.7

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10

Description
[CVE-2025-42993] Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement)

Security Advisory

_{Related note}
3585992

_CVSS
5.8

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/05/13

Description
[CVE-2025-43008] Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Security Advisory

_{Related note}
3590887

_CVSS
5.8

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10

Description
[CVE-2025-31325] Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation)

Security Advisory

_{Related note}
3441087

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10

Description
[CVE-2025-42984] Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)

Security Advisory

_{Related note}
3594258

_CVSS
5.3

_{Affected system
type}
SAP Business One

_Patchday
2025-06

_{Released
on}
2025/06/10

Description
[CVE-2025-42998] Security misconfiguration vulnerability in SAP Business One Integration Framework

Security Advisory

_{Related note}
3596850

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10

Description
[CVE-2025-42987] Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement)

Security Advisory

_{Related note}
3608058

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10

Description
[CVE-2025-42991] Missing Authorization check in SAP S/4HANA (Bank Account Application)

Security Advisory

Notifications

Severity

SAP© Security advisories 7

System Types

Affected SAP© system types

Related note 3580384

CVSS 6.7

Affected system type ABAP

Patchday2025-06

Released on2025/06/10

Related note 3585992

CVSS 5.8

Affected system type ABAP

Patchday2025-06

Released on2025/05/13

Related note 3590887

CVSS 5.8

Affected system type ABAP

Patchday2025-06

Released on2025/06/10

Related note 3441087

CVSS 5.4

Affected system type ABAP

Patchday2025-06

Released on2025/06/10

Related note 3594258

CVSS 5.3

Affected system type SAP Business One

Patchday2025-06

Released on2025/06/10

Related note 3596850

CVSS 4.3

Affected system type ABAP

Patchday2025-06

Released on2025/06/10

Related note 3608058

CVSS 4.3

Affected system type ABAP

Patchday2025-06

Released on2025/06/10

_{Related note}
3580384

_CVSS
6.7

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10

_{Related note}
3585992

_CVSS
5.8

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/05/13

_{Related note}
3590887

_CVSS
5.8

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10

_{Related note}
3441087

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10

_{Related note}
3594258

_CVSS
5.3

_{Affected system
type}
SAP Business One

_Patchday
2025-06

_{Released
on}
2025/06/10

_{Related note}
3596850

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10

_{Related note}
3608058

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-06

_{Released
on}
2025/06/10