Summary: SAP announced the release of 19 new and two updated security notes during its February 2025 Patch Day, addressing severe vulnerabilities in several systems including NetWeaver and BusinessObjects, with six being marked as high priority. Key vulnerabilities include improper authorization in BusinessObjects and a path traversal flaw in Supplier Relationship Management. Organizations are strongly advised to implement these security patches promptly to mitigate potential exploitation risks.
Affected: SAP Systems (NetWeaver, BusinessObjects, Supplier Relationship Management, Approuter, Enterprise Project Connection, HANA)
Keypoints :
- Release of 19 new and 2 updated security notes as part of February 2025 Patch Day.
- High-priority vulnerabilities include CVE-2025-0064 in BusinessObjects, allowing user impersonation, and CVE-2025-25243 in Supplier Relationship Management for unauthorized file access.
- Organizations are recommended to update their systems promptly due to the common targeting of SAP vulnerabilities.
Source: https://www.securityweek.com/sap-releases-21-security-patches/