SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM

SAP has released 16 security patches addressing critical vulnerabilities across its enterprise software lineup, including severe flaws like insecure deserialization and directory traversal. While no exploits have been reported, timely patch application is crucial to prevent potential attacks by threat actors targeting SAP systems.

Key Points

  • SAP published 16 updates, including three critical-severity patches, on Security Patch Day.
  • One vulnerability, CVE-2025-42944, involves an insecure deserialization flaw in NetWeaver AS Java.
  • A directory traversal bug in Print Service (CVE-2025-42937) allows attackers to overwrite system files.
  • Other patches address high-severity issues like unrestricted file upload and security misconfigurations.
  • Organizations are urged to install these patches promptly to protect against targeted exploitation by threat actors.

Read More: https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-netweaver-print-service-srm/