SAP Patches Critical S/4HANA Vulnerability

SAP has released 15 new security notes on the August 2025 Patch Tuesday, including for critical vulnerabilities. The post SAP Patches Critical S/4HANA Vulnerability appeared first on SecurityWeek.

SAP has fixed more than a dozen vulnerabilities with its August 2025 Patch Tuesday updates, including critical vulnerabilities. 

This Patch Tuesday — or as the enterprise software giant calls it, Security Patch Day — 15 new security notes (fixes) have been released, along with four updates to previous fixes.

Onapsis, a company specializing in enterprise application security, which often finds SAP product vulnerabilities, pointed out that the vendor has released a total of 26 new and updated fixes since the previous Patch Tuesday.

Of these 26 fixes, four have been classified as ‘hot news’ or ‘critical’, including two that are new and two updates to previous patches. The new ‘hot news’ patches are for CVE-2025-42950 and CVE-2025-42957, which have been described as code injection issues.

According to Onapsis, they can be exploited for arbitrary code execution, which can lead to a full system compromise. 

CVE-2025-42950 and CVE-2025-42957 are the same vulnerability, Onapsis said, but different CVEs have been assigned to different products. CVE-2025-42957 has been assigned to the S/4HANA enterprise resource planning (ERP) software, while CVE-2025-42950 is for the older generation of the ERP software, ERP Central Component (ECC). 

The new high-priority patches address a broken authorization issue in SAP Business One (CVE-2025-42951, which allows an authenticated attacker to obtain admin privileges) and multiple memory corruption bugs in NetWeaver Application Server ABAP (CVE-2025-42976, which can lead to sensitive information leaks).

The remaining new issues, which have ‘low’ or ‘medium’ priority, impact S/4HANA, NetWeaver, ABAP Platform, Cloud Connector and other products.

It’s important for organizations to install the available updates as it’s not uncommon for threat actors to exploit SAP product vulnerabilities in their attacks. 

SAP customers were recently warned that a NetWeaver zero-day flaw patched in April had been exploited since at least January. NetWeaver vulnerabilities have been exploited recently by both ransomware groups and cyberspies.
