SAP released 14 security patches in June 2025, including a critical vulnerability in NetWeaver that could allow privilege escalation and system compromise. Recent updates aim to mitigate high, medium, and low-severity flaws, emphasizing the importance of prompt application to prevent potential attacks. #SAP #NetWeaver #CVE-2025-42989
Keypoints
- SAP issued 14 security patches during its June 2025 Security Patch Day.
- A critical vulnerability (CVE-2025-42989) in NetWeaver allows privilege escalation through bypassed authorization checks.
- The flaw resides in the RFC framework, impacting the security and integrity of enterprise applications.
- Additional high-severity vulnerabilities include issues in GRC, Business Warehouse, BusinessObjects, and NetWeaver Visual Composer.
- Organizations are advised to update promptly, especially after recent widespread exploitation of NetWeaver vulnerabilities.
Read More: https://www.securityweek.com/critical-vulnerability-patched-in-sap-netweaver/