SAP Security Notes - 08/25 - Medium

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 16 security advices for you to review.

Severity

SAP© Security advisories 16

System Types

Affected SAP© system types

_{Related note}
3614804

_CVSS
6.9

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

Description
[CVE-2025-42946] Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)

Security Advisory

_{Related note}
3585491

_CVSS
6.1

_{Affected system
type}
Kernel

_Patchday
2025-08

_{Released
on}
2025/08/12

Description
[CVE-2025-42945] HTML Injection vulnerability in SAP NetWeaver Application Server ABAP

Security Advisory

_{Related note}
3596987

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/07/08

Description
[CVE-2025-42969] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Security Advisory

_{Related note}
3597355

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

Description
[CVE-2025-42942] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP

Security Advisory

_{Related note}
3617131

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/07/08

Description
[CVE-2025-42981] Open Redirect vulnerability in SAP NetWeaver Application Server ABAP

Security Advisory

_{Related note}
3629871

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

Description
[CVE-2025-42948] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform

Security Advisory

_{Related note}
3503138

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-08

_{Released
on}
2025/01/14

Description
[CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

Security Advisory

_{Related note}
3585992

_CVSS
5.8

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/05/13

Description
[CVE-2025-43008] Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Security Advisory

_{Related note}
3540688

_CVSS
5.5

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/07/22

Description
[CVE-2025-42947] Code Injection vulnerability in SAP FICA ODN framework

Security Advisory

_{Related note}
3602656

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

Description
[CVE-2025-42936] Missing Authorization check in SAP NetWeaver Application Server for ABAP

Security Advisory

_{Related note}
3561792

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2025-08

_{Released
on}
2025/03/11

Description
[CVE-2025-23194] Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)

Security Advisory

_{Related note}
3626722

_CVSS
4.9

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

Description
[CVE-2025-42949] Missing Authorization check in ABAP Platform

Security Advisory

_{Related note}
3627845

_CVSS
4.5

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-08

_{Released
on}
2025/08/12

Description
[CVE-2025-42943] Information Disclosure in SAP GUI for Windows

Security Advisory

_{Related note}
3616863

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

Description
[CVE-2025-42934] CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice)

Security Advisory

_{Related note}
3577131

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/04/08

Description
[CVE-2025-31331] Authorization Bypass vulnerability in SAP NetWeaver

Security Advisory

_{Related note}
3601480

_CVSS
4.1

_{Affected system
type}
Kernel

_Patchday
2025-08

_{Released
on}
2025/08/12

Description
[CVE-2025-42935] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)

Security Advisory

Notifications

Severity

SAP© Security advisories 16

System Types

Affected SAP© system types

Related note 3614804

CVSS 6.9

Affected system type ABAP

Patchday2025-08

Released on2025/08/12

Related note 3585491

CVSS 6.1

Affected system type Kernel

Patchday2025-08

Released on2025/08/12

Related note 3596987

CVSS 6.1

Affected system type ABAP

Patchday2025-08

Released on2025/07/08

Related note 3597355

CVSS 6.1

Affected system type ABAP

Patchday2025-08

Released on2025/08/12

Related note 3617131

CVSS 6.1

Affected system type ABAP

Patchday2025-08

Released on2025/07/08

Related note 3629871

CVSS 6.1

Affected system type ABAP

Patchday2025-08

Released on2025/08/12

Related note 3503138

CVSS 6.0

Affected system type SAP GUI / Frontend

Patchday2025-08

Released on2025/01/14

Related note 3585992

CVSS 5.8

Affected system type ABAP

Patchday2025-08

Released on2025/05/13

Related note 3540688

CVSS 5.5

Affected system type ABAP

Patchday2025-08

Released on2025/07/22

Related note 3602656

CVSS 5.4

Affected system type ABAP

Patchday2025-08

Released on2025/08/12

Related note 3561792

CVSS 5.3

Affected system type Java

Patchday2025-08

Released on2025/03/11

Related note 3626722

CVSS 4.9

Affected system type ABAP

Patchday2025-08

Released on2025/08/12

Related note 3627845

CVSS 4.5

Affected system type SAP GUI / Frontend

Patchday2025-08

Released on2025/08/12

Related note 3616863

CVSS 4.3

Affected system type ABAP

Patchday2025-08

Released on2025/08/12

Related note 3577131

CVSS 4.3

Affected system type ABAP

Patchday2025-08

Released on2025/04/08

_{Related note}
3614804

_CVSS
6.9

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

_{Related note}
3585491

_CVSS
6.1

_{Affected system
type}
Kernel

_Patchday
2025-08

_{Released
on}
2025/08/12

_{Related note}
3596987

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/07/08

_{Related note}
3597355

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

_{Related note}
3617131

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/07/08

_{Related note}
3629871

_CVSS
6.1

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

_{Related note}
3503138

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-08

_{Released
on}
2025/01/14

_{Related note}
3585992

_CVSS
5.8

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/05/13

_{Related note}
3540688

_CVSS
5.5

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/07/22

_{Related note}
3602656

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

_{Related note}
3561792

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2025-08

_{Released
on}
2025/03/11

_{Related note}
3626722

_CVSS
4.9

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

_{Related note}
3627845

_CVSS
4.5

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-08

_{Released
on}
2025/08/12

_{Related note}
3616863

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/08/12

_{Related note}
3577131

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-08

_{Released
on}
2025/04/08

_{Related note}
3601480

_CVSS
4.1

_{Affected system
type}
Kernel

_Patchday
2025-08

_{Released
on}
2025/08/12