SAP has released 14 security notes, including three critical vulnerabilities patched in December 2025, affecting Solution Manager, Tomcat servers, and Sybase ASE. These flaws pose significant risks such as remote code execution and administrative breaches, urging immediate patch application. #SAPSolutionManager #ApacheTomcat #SybaseASE
Keypoints
- SAP released 14 security notes, with three rated as critical in December 2025.
- The CVE-2025-42880 flaw in Solution Manager could allow attackers to gain admin access through code injection.
- Two bugs in Apache Tomcat used in Commerce Cloud pose a high risk of remote code execution.
- A deserialization vulnerability in Sybase ASE could enable remote exploitation for executing arbitrary code.
- Other security notes address DoS, information leaks, and authorization issues across SAP products, urging prompt patching.