SAP Product Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in SAP products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-0061
SAP BusinessObjects Business Intelligence Platform versions: Enterprise 420, 430, 2025
CVE-2025-0063
SAP NetWeaver AS (for ABAP and ABAP Platform) versions: SAP_BASIS 700 (inclusive) through 702 (inclusive), 731, 740, 750 (inclusive) through 758 (inclusive)
CVE-2025-0066
SAP NetWeaver AS (for ABAP and ABAP Platform [Internet Communication Framework]) versions: SAP_BASIS 700 (inclusive) through 702 (inclusive), 731, 740, 750 (inclusive) through 758 (inclusive), 912 (inclusive) through 914 (inclusive)
CVE-2025-0069
SAPSetup version: LMSAPSETUP 9.0
CVE-2025-0070
SAP NetWeaver ABAP Server and ABAP Platform versions: KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, 8.04, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 7.97, 9.12, 9.13, 9.14
Resolved Vulnerabilities
Session Hijackable Information Disclosure Vulnerability (CVE-2025-0061)
SQL Injection Vulnerability in SAP NetWeaver AS (CVE-2025-0063)
Information Disclosure Vulnerability in the Internet Communication Framework (CVE-2025-0066)
DLL Injection Vulnerability in SAPSetup (CVE-2025-0069)
Improper Authentication Vulnerability (CVE-2025-0070)
Vulnerability Patches
Patches for these vulnerabilities have been made available with the latest updates. Please follow the instructions on the referenced sites to update to the latest patched version.
The following vulnerabilities have been fixed: CVE-2025-0061, CVE-2025-0063, CVE-2025-0066, CVE-2025-0069, CVE-2025-0070.
Separate security patches are available [1] [2] [3] [4] [5].
References
[1] CVE-2025-0061
https://me.sap.com/notes/3474398
[2] CVE-2025-0063
https://me.sap.com/notes/3550816
[3] CVE-2025-0066
https://me.sap.com/notes/3550708
[4] CVE-2025-0069
https://me.sap.com/notes/3542533
[5] CVE-2025-0070
https://me.sap.com/notes/3537476