SAP Patches Critical S/4HANA Vulnerability

SAP has released security patches addressing over a dozen vulnerabilities, including critical code injection issues that could lead to system compromises. Organizations are urged to update promptly to mitigate risks from active exploits by threat actors targeting SAP products. #CVE-2025-42950 #CVE-2025-42957 #SAPNetWeaver #S/4HANA

Key points

  • SAP’s August 2025 Patch Tuesday includes fixes for 15 new security vulnerabilities.
  • Two critical vulnerabilities, CVE-2025-42950 and CVE-2025-42957, involve code injection risks exploitable for remote code execution.
  • The patches address a broken authorization flaw in SAP Business One and memory corruption bugs in NetWeaver ABAP, among others.
  • Several vulnerabilities in SAP’s ERP and cloud products have been exploited by ransomware groups and state-sponsored hackers.
  • Timely application of these updates is vital to prevent potential full system compromises.

Read More: https://www.securityweek.com/sap-patches-critical-s-4hana-vulnerability/