We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!
× Hey there! Glad you made it.
We have found 19 security advices for you to review.

 

 Severity
SAP© Security advisories 19
 System Types
Affected SAP© system types

 

Related note
3595143
CVSS
6.9

Affected system type
SAPCAR
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-43001] Multiple Privilege Escalation Vulnerabilities in SAPCAR

Security Advisory

 

Related note
3580384
CVSS
6.7

Affected system type
ABAP
Patchday
2025-07
Released on
2025/06/10

Description
[CVE-2025-42993] Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement)

Security Advisory

 

Related note
3604212
CVSS
6.1

Affected system type
ABAP
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42962] Cross-Site Scripting (XSS) vulnerability in SAP Business Warehouse (Business Explorer Web 3.5 loading animation)

Security Advisory

 

Related note
3617380
CVSS
6.1

Affected system type
BI/BO platform
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42985] Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench

Security Advisory

 

Related note
3617131
CVSS
6.1

Affected system type
ABAP
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42981] Open Redirect vulnerability in SAP NetWeaver Application Server ABAP

Security Advisory

 

Related note
3596987
CVSS
6.1

Affected system type
ABAP
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42969] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Security Advisory

 

Related note
3595156
CVSS
5.8

Affected system type
SAPCAR
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42970] Directory Traversal vulnerability in SAPCAR

Security Advisory

 

Related note
3585992
CVSS
5.8

Affected system type
ABAP
Patchday
2025-07
Released on
2025/05/13

Description
[CVE-2025-43008] Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Security Advisory

 

Related note
3607513
CVSS
5.6

Affected system type
SAP GUI / Frontend
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42979] Insecure Key & Secret Management vulnerability in SAP GUI for Windows

Security Advisory

 

Related note
3540688
CVSS
5.5

Affected system type
ABAP
Patchday
2025-07
Released on
2025/07/22

Description
[CVE-2025-42947] Code Injection vulnerability in SAP FICA ODN framework

Security Advisory

 

Related note
3606103
CVSS
5.4

Affected system type
SAP Data Services
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42973] Cross-Site Scripting (XSS) vulnerability in SAP Data Services (DQ Report)

Security Advisory

 

Related note
3621037
CVSS
5.0

Affected system type
ABAP
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42968] Missing Authorization check in SAP NetWeaver (RFC enabled function module)

Security Advisory

 

Related note
3610322
CVSS
4.9

Affected system type
ABAP
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42961] Missing Authorization check in SAP NetWeaver Application Server for ABAP

Security Advisory

 

Related note
3626440
CVSS
4.3

Affected system type
ABAP
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42986] Missing Authorization check in SAP NetWeaver and ABAP Platform

Security Advisory

 

Related note
3610056
CVSS
4.3

Affected system type
ABAP
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42974] Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

Security Advisory

 

Related note
3608991
CVSS
4.3

Affected system type
ABAP
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42960] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools

Security Advisory

 

Related note
3598118
CVSS
4.1

Affected system type
BI/BO platform
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42965] Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application.

Security Advisory

 

Related note
3573199
CVSS
4.1

Affected system type
BI/BO platform
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-31326] HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

Security Advisory

 

Related note
3595141
CVSS
4.0

Affected system type
SAPCAR
Patchday
2025-07
Released on
2025/07/08

Description
[CVE-2025-42971] Memory Corruption vulnerability in SAPCAR

Security Advisory

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge
Platform
Product

© Copyright 2025 by SecurityBridge GmbH

v38.6