SAP© Security Advisories - 07 2025 - Severity Hot News

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 6 and the highest CVSS score is 10.0.

Severity

SAP© Security advisories 6

System Types

Affected SAP© system types

_{Related note}
3578900

_CVSS
10.0

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/05/13

Description
[CVE-2025-30012] Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

Security Advisory

_{Related note}
3618955

_CVSS
9.9

_{Affected system
type}
ABAP

_Patchday
2025-07

_{Released
on}
2025/07/08

Description
[CVE-2025-42967] Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation)

Security Advisory

_{Related note}
3621771

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/07/08

Description
[CVE-2025-42963] Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer )

Security Advisory

_{Related note}
3610892

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/07/08

Description
[CVE-2025-42966] Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)

Security Advisory

_{Related note}
3621236

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/07/08

Description
[CVE-2025-42964] Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration

Security Advisory

_{Related note}
3620498

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/07/08

Description
[CVE-2025-42980] Insecure Deserialization in SAP NetWeaver Enterprise Portal Federated Portal Network

Security Advisory

Notifications

Severity

SAP© Security advisories 6

System Types

Affected SAP© system types

Related note 3578900

CVSS 10.0

Affected system type Java

Patchday2025-07

Released on2025/05/13

Related note 3618955

CVSS 9.9

Affected system type ABAP

Patchday2025-07

Released on2025/07/08

Related note 3621771

CVSS 9.1

Affected system type Java

Patchday2025-07

Released on2025/07/08

Related note 3610892

CVSS 9.1

Affected system type Java

Patchday2025-07

Released on2025/07/08

Related note 3621236

CVSS 9.1

Affected system type Java

Patchday2025-07

Released on2025/07/08

Related note 3620498

CVSS 9.1

Affected system type Java

Patchday2025-07

Released on2025/07/08

_{Related note}
3578900

_CVSS
10.0

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/05/13

_{Related note}
3618955

_CVSS
9.9

_{Affected system
type}
ABAP

_Patchday
2025-07

_{Released
on}
2025/07/08

_{Related note}
3621771

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/07/08

_{Related note}
3610892

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/07/08

_{Related note}
3621236

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/07/08

_{Related note}
3620498

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2025-07

_{Released
on}
2025/07/08