Security Advisory

SAP Product Security Update Advisory

  • Nov 12 2025
SAP Product Security Update Advisory

Overview

 

We have released security updates to fix vulnerabilities in SAP products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-42890

 

SQL Anywhere Monitor (Non-Gui) version: Base_sql_anywhere_server 17.0

 

CVE-2025-42887

 

SAP Solution Manager version: ST 720

 

CVE-2025-42940

 

SAP CommonCryptoLib version: CRYPTOLIB 8

 

 

Resolved Vulnerabilities

 

Insecure Key and Secret Management Vulnerability in SQL Anywhere Monitor (CVE-2025-42890)
Code injection vulnerability in SAP Solution Manager (CVE-2025-42887)
Memory corruption vulnerability in SAP CommonCryptoLib (CVE-2025-42940)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-42890, CVE-2025-42887, CVE-2025-42940

 

Separate security patches available [2][3][4]

 

 

References

 

[1] SAP Security Patch Day – November 2025
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html
[2] cve-2025-42890
https://me.sap.com/notes/3666261
[3] cve-2025-42887
https://me.sap.com/notes/3668705
[4] cve-2025-42940
https://me.sap.com/notes/3633049

Tags:
Previous Post

Next Post