Summary: SAP has issued critical security patches addressing 19 new vulnerabilities, including a high-risk flaw in the SAP BusinessObjects Business Intelligence platform. The most severe vulnerabilities allow attackers to impersonate users and exploit sensitive data, while others enable unauthorized access to various systems. SAP strongly urges customers to prioritize the application of these patches to protect their infrastructure from potential threats.
Affected: SAP BusinessObjects, SAP Supplier Relationship Management, SAP Approuter, SAP Enterprise Project Connection
Keypoints:
- Critical high-risk vulnerability (CVE-2025-0064, CVSS 8.7) in SAP BusinessObjects allows user impersonation.
- Path traversal vulnerability (CVE-2025-25243, CVSS 8.6) in SAP Supplier Relationship Management can expose sensitive files.
- Authentication bypass (CVE-2025-24876, CVSS 8.1) in SAP Approuter enables session theft and unauthorized access.
- Multiple vulnerabilities identified in SAP Enterprise Project Connection could disrupt business operations.
- Customers are advised to review Security Notes and apply patches promptly to mitigate risks.
- Subscribe to SAP’s Security Notification Service for timely updates on vulnerabilities and patches.
Source: https://securityonline.info/sap-security-patch-day-february-2025-multi-vulnerabilities-addressed/