SAP Urges Swift Action: 15 New Advisories Address Critical Code Injection Vulnerabilities

SAP's latest patch cycle fixes three critical code injection flaws. Companies must prioritize patching to protect their systems.

SAP has released a significant security update, publishing 15 new advisories and updating 4 existing ones on August 12, 2025. The company urges swift action from security teams to implement these patches due to the critical nature of the vulnerabilities addressed.

The patch cycle fixed three critical code injection vulnerabilities, affecting core SAP products. These allow attackers to execute arbitrary code with elevated privileges. Companies are advised to prioritize patching internet-facing systems and those processing sensitive data.

The critical vulnerabilities include CVE-2025-42957 and CVE-2025-42950, affecting SAP S/4HANA and SAP Landscape Transformation respectively. SAP strongly recommends obtaining the patches via the Support Portal, with a focus on the three critical code injection security gaps.

The patch cycle also addressed cross-site scripting (XSS) vulnerabilities, authorization bypass issues, and information disclosure vulnerabilities in several SAP products. Notable updates include patches for SAP GUI for Windows and the SAP Cloud Connector. These vulnerabilities can be exploited with low effort and without user interaction, making them attractive targets for cybercriminals.

The security notifications addressing vulnerabilities in SAP products were published in September 2025 and are linked to the SAP Patchday in September 2025, which fixed more than twenty vulnerabilities. Among the updated patches is one for CVE-2025-27429, a previously known code injection vulnerability in S/4HANA. Companies are advised to coordinate with SAP administrators and prioritize these urgent security updates to protect their systems.
