On 12 August 2025, as part of SAP Security Patch Day, 15 new security notes were published. In addition, 4 updates to previously published security notes were released.
Note | Title | Severity | CVSS |
3627998 | [CVE-2025-42957] Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise) Product – SAP S/4HANA (Private Cloud or On-Premise) Version – S4CORE 102, 103, 104, 105, 106, 107, 108 | Critical | 9.9 |
3633838 | [CVE-2025-42950] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform) Product – SAP Landscape Transformation (Analysis Platform) Version – DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 | Critical | 9.9 |
3581961 | Update to Security Note released on April 2025 Patch Day: [CVE-2025-27429] Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise) Product – SAP S/4HANA (Private Cloud or On-Premise) Version – S4CORE 102, 103, 104, 105, 106, 107, 108 | Critical | 9.9 |
3625403 | [CVE-2025-42951] Broken Authorization in SAP Business One (SLD) Product – SAP Business One (SLD) Version – B1_ON_HANA 10.0, SAP-M-BO 10.0 | High | 8.8 |
3611184 | [CVE-2025-42976] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document) Additional CVE – CVE-2025-42975 Product – SAP NetWeaver Application Server ABAP (BIC Document) Version – S4COREOP 104, 105, 106, 107, 108, SEM-BW 600, 602, 603, 604, 605, 634, 736, 746, 747, 748 | High | 8.1 |
3614804 | [CVE-2025-42946] Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management) Product – SAP S/4HANA (Bank Communication Management) Version – SAP_APPL 606, SAP_FIN 617, 618, 720, 730, S4CORE 102, 103, 104, 105, 106, 107, 108 | Medium | 6.9 |
3585491 | [CVE-2025-42945] HTML Injection vulnerability in SAP NetWeaver Application Server ABAP Product – SAP NetWeaver Application Server ABAP Version – KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93 | Medium | 6.1 |
3597355 | [CVE-2025-42942] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP Product – SAP NetWeaver Application Server for ABAP Version – SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 914, SAP_BASIS 916 | Medium | 6.1 |
3629871 | [CVE-2025-42948] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform Product – SAP NetWeaver ABAP Platform Version – S4CRM 100, 200, 204, 205, 206, S4CEXT 107, 108, 109, BBPCRM 713, 714 | Medium | 6.1 |
3503138 | Update to Security Note released on January 2025 Patch Day: [CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) Product – SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) Version – KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12, 9.14 | Medium | 6.0 |
3602656 | [CVE-2025-42936] Missing Authorization check in SAP NetWeaver Application Server for ABAP Product – SAP NetWeaver Application Server for ABAP Version – SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816 | Medium | 5.4 |
3561792 | Update to Security Note released on March 2025 Patch Day: [CVE-2025-23194] Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component) Product – SAP NetWeaver Enterprise Portal (OBN component) Version – EP-RUNTIME 7.50 | Medium | 5.3 |
3626722 | [CVE-2025-42949] Missing Authorization check in ABAP Platform Product – ABAP Platform Version – SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 916 | Medium | 4.9 |
3627845 | [CVE-2025-42943] Information Disclosure in SAP GUI for Windows Product – SAP GUI for Windows Version – BC-FES-GUI 8.00 | Medium | 4.5 |
3616863 | [CVE-2025-42934] CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice) Product – SAP S/4HANA (Supplier invoice) Version – S4CORE 102, 103, 104, 105, 106, 107, 108, 109 | Medium | 4.3 |
3577131 | Update to Security Note released on April 2025 Patch Day: [CVE-2025-31331] Authorization Bypass vulnerability in SAP NetWeaver Product – SAP NetWeaver Version – SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, 75I | Medium | 4.3 |
3601480 | [CVE-2025-42935] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) Product – SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) Version – KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15, 9.16 | Medium | 4.1 |
3611345 | [CVE-2025-42955] Missing authorization check in SAP Cloud Connector Product – SAP Cloud Connector Version – SAP_CLOUD_CONNECTOR 2.0 | Low | 3.5 |
3624943 | [CVE-2025-42941] Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad) Product – SAP Fiori (Launchpad) Version – SAP_UI 754 | Low | 3.5 |