SAP Family Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in the SAP family of products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-42957, CVE-2025-27429
SAP S/4HANA (Private Cloud or On-Premise) Versions: S4CORE 102 and above and 108 and below
CVE-2025-42950
SAP Landscape Transformation (Analysis Platform) Versions: DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
CVE-2025-42951
SAP Business One (SLD) Version: B1_ON_HANA 10.0
SAP Business One (SLD) Version: SAP-M-BO 10.0
CVE-2025-42976
SAP NetWeaver Application Server ABAP (BIC Document) Version: S4COREOP 104 or higher and 108 or lower
SAP NetWeaver Application Server ABAP (BIC Document) version: SEM-BW 600, 602, 603, 604, 605, 634, 736, 746, 747, 748
Resolved Vulnerabilities
Code Injection Vulnerability in SAP S/4HANA (CVE-2025-42957)
Code Injection Vulnerability in SAP Landscape Transformation (CVE-2025-42950)
Code Injection Vulnerability in SAP S/4HANA (CVE-2025-27429)
Privilege Unmanageability Vulnerability in SAP Business One (CVE-2025-42951)
Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (CVE-2025-42976)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2025-42957, CVE-2025-27429, CVE-2025-42950, CVE-2025-42951, CVE-2025-42976
Separate security patches are available [2][3][4][5][6]
References
[1] SAP Security Patch Day – August 2025
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html
[2] cve-2025-42957
https://me.sap.com/notes/3627998
[3] cve-2025-27429
https://me.sap.com/notes/3581961
[4] cve-2025-42950
https://me.sap.com/notes/3633838
[5] cve-2025-42951
https://me.sap.com/notes/3625403
[6] cve-2025-42976
https://me.sap.com/notes/3611184