SAP Family Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in SAP products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-42944
SAP NetWeaver (RMI-P4) version: SERVERCORE 7.50
CVE-2025-42922
SAP NetWeaver AS Java (Deploy Web Service) version: J2EE-APPS 7.50
CVE-2025-42958
SAP NetWeaver versions: Krnl64nuc 7.22, 7.22ext
SAP NetWeaver versions: Krnl64uc 7.22, 7.22ext, 7.53
SAP NetWeaver versions: Kernel 7.22, 7.53, 7.54
CVE-2025-42933
SAP Business One (SLD) version: B1_ON_HANA 10.0
SAP Business One (SLD) version: SAP-M-BO 10.0
CVE-2025-42929
SAP Landscape Transformation Replication Server versions: Dmis 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
CVE-2025-42916
SAP S/4HANA (Private Cloud or On-Premise) version: S4CORE 102 or higher and 108 or lower
CVE-2025-27428
SAP NetWeaver and ABAP Platform (Service Data Collection) versions: St-pi 2008_1_700, 2008_1_710, 740
Resolved Vulnerabilities
Insecure Deserialization Vulnerability in SAP NetWeaver (RMI-P4) (CVE-2025-42944)
Insecure File Manipulation Vulnerability in SAP NetWeaver AS Java (Deploy Web Service) (CVE-2025-42922)
Missing Authentication Vulnerability in SAP NetWeaver (CVE-2025-42958)
Insecure Sensitive Information Storage Vulnerability in SAP Business One (SLD) (CVE-2025-42933)
Missing Input Validation Vulnerability in SAP Landscape Transformation Replication Server (CVE-2025-42929)
Missing Input Validation Vulnerability in SAP S/4HANA (Private Cloud or On-Premise) (CVE-2025-42916)
Directory Traversal Vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection) (CVE-2025-27428)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-42944, CVE-2025-42922, CVE-2025-42958, CVE-2025-42933, CVE-2025-42929, CVE-2025-42916, CVE-2025-27428
Separate security patches are available [2][3][4][5][6][7][8].
References
[1] SAP Security Patch Day – September 2025
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html
[2] CVE-2025-42944
https://me.sap.com/notes/3634501
[3] CVE-2025-42922
https://me.sap.com/notes/3643865
[4] CVE-2025-42958
https://me.sap.com/notes/3627373
[5] CVE-2025-42933
https://me.sap.com/notes/3642961
[6] CVE-2025-42929
https://me.sap.com/notes/3633002
[7] CVE-2025-42916
https://me.sap.com/notes/3635475
[8] CVE-2025-27428
https://me.sap.com/notes/3581811