We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 26 and the highest CVSS score is 9.9.

 

 Severity
SAP© Security advisories 26
 System Types
Affected SAP© system types

 

Related note
3633838
CVSS
9.9

Affected system type
ABAP
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42950] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)

Security Advisory

 

Related note
3627998
CVSS
9.9

Affected system type
ABAP
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42957] Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

Security Advisory

 

Related note
3581961
CVSS
9.9

Affected system type
ABAP
Patchday
2025-08
Released on
2025/04/08

Description
[CVE-2025-27429] Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

Security Advisory

 

Related note
3610892
CVSS
9.1

Affected system type
Java
Patchday
2025-08
Released on
2025/07/08

Description
[CVE-2025-42966] Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)

Security Advisory

 

Related note
3625403
CVSS
8.8

Affected system type
SAP Business One
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42951] Broken Authorization in SAP Business One (SLD)

Security Advisory

 

Related note
3600846
CVSS
8.1

Affected system type
ABAP
Patchday
2025-08
Released on
2025/07/08

Description
[CVE-2025-42959] Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476

Security Advisory

 

Related note
3611184
CVSS
8.1

Affected system type
ABAP
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42976] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)

Security Advisory

 

Related note
3614804
CVSS
6.9

Affected system type
ABAP
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42946] Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)

Security Advisory

 

Related note
3596987
CVSS
6.1

Affected system type
ABAP
Patchday
2025-08
Released on
2025/07/08

Description
[CVE-2025-42969] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Security Advisory

 

Related note
3585491
CVSS
6.1

Affected system type
Kernel
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42945] HTML Injection vulnerability in SAP NetWeaver Application Server ABAP

Security Advisory

 

Related note
3597355
CVSS
6.1

Affected system type
ABAP
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42942] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP

Security Advisory

 

Related note
3617131
CVSS
6.1

Affected system type
ABAP
Patchday
2025-08
Released on
2025/07/08

Description
[CVE-2025-42981] Open Redirect vulnerability in SAP NetWeaver Application Server ABAP

Security Advisory

 

Related note
3629871
CVSS
6.1

Affected system type
ABAP
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42948] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform

Security Advisory

 

Related note
3503138
CVSS
6.0

Affected system type
SAP GUI / Frontend
Patchday
2025-08
Released on
2025/01/14

Description
[CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

Security Advisory

 

Related note
3585992
CVSS
5.8

Affected system type
ABAP
Patchday
2025-08
Released on
2025/05/13

Description
[CVE-2025-43008] Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Security Advisory

 

Related note
3540688
CVSS
5.5

Affected system type
ABAP
Patchday
2025-08
Released on
2025/07/22

Description
[CVE-2025-42947] Code Injection vulnerability in SAP FICA ODN framework

Security Advisory

 

Related note
3602656
CVSS
5.4

Affected system type
ABAP
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42936] Missing Authorization check in SAP NetWeaver Application Server for ABAP

Security Advisory

 

Related note
3561792
CVSS
5.3

Affected system type
Java
Patchday
2025-08
Released on
2025/03/11

Description
[CVE-2025-23194] Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)

Security Advisory

 

Related note
3626722
CVSS
4.9

Affected system type
ABAP
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42949] Missing Authorization check in ABAP Platform

Security Advisory

 

Related note
3627845
CVSS
4.5

Affected system type
SAP GUI / Frontend
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42943] Information Disclosure in SAP GUI for Windows

Security Advisory

 

Related note
3577131
CVSS
4.3

Affected system type
ABAP
Patchday
2025-08
Released on
2025/04/08

Description
[CVE-2025-31331] Authorization Bypass vulnerability in SAP NetWeaver

Security Advisory

 

Related note
3616863
CVSS
4.3

Affected system type
ABAP
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42934] CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice)

Security Advisory

 

Related note
3601480
CVSS
4.1

Affected system type
Kernel
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42935] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)

Security Advisory

 

Related note
3624943
CVSS
3.5

Affected system type
SAP UI5
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42941] Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)

Security Advisory

 

Related note
3557179
CVSS
3.5

Affected system type
Java
Patchday
2025-08
Released on
2025/07/08

Description
[CVE-2025-42978] Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java

Security Advisory

 

Related note
3611345
CVSS
3.5

Affected system type
SAP Cloud Connector
Patchday
2025-08
Released on
2025/08/12

Description
[CVE-2025-42955] Missing authorization check in SAP Cloud Connector

Security Advisory

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge
Platform
Product

© Copyright 2025 by SecurityBridge GmbH

v38.6