[CIAD-2025-0035] Multiple vulnerabilities in SAP Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: High
Software Affected
SAP NetWeaver
SAP NetWeaver AS Java
SAP NetWeaver (RMI-P4)
SAP NetWeaver Application Server for ABAP
SAP NetWeaver AS ABAP and ABAP Platform
SAP Print Service
SAP Supplier Relationship Management
SAP Commerce Cloud
SAP Commerce Cloud (Search and Navigation)
SAP Data Hub Integration Suite
SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
SAP Application Server for ABAP (BAPI Browser)
SAP S/4HANA (Manage Processing Rules – For Bank Statements)
SAP Financial Service Claims Management
SAP BusinessObjects (Web Intelligence and Platform Search)
SAP Cloud Appliance Library Appliances
Overview
Multiple vulnerabilities have been reported, which could be exploited by an attacker to disclose sensitive information, execute arbitrary code, gain unauthorized access, overwrite or delete system and application files, upload arbitrary files, manipulate or delete shared rule conditions, consume resources, gain elevated privileges, bypass configured access restrictions, perform Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) attacks, carry out user enumeration, and cause inconsistencies in responses that may disclose personal data on the targeted system.
Target Audience:
SAP system administrators, SAP security teams, IT infrastructure teams managing SAP landscapes, and application developers using affected SAP products.
Risk Assessment:
Potential for system compromise, data exposure, unauthorized access, privilege abuse, service disruption, arbitrary file upload.
Impact Assessment:
High risk of data breach, execution of arbitrary code, full system compromise, unavailability, security control bypass, and operational disruption.
Description
Multiple vulnerabilities have been reported in SAP products.
Solution
Apply appropriate updates as mentioned by the vendor:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
Vendor Information
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
CVE Name
CVE-2025-42944
CVE-2025-42937
CVE-2025-42910
CVE-2025-5115
CVE-2025-48913
CVE-2025-0059
CVE-2025-42901
CVE-2025-42908
CVE-2025-42906
CVE-2025-42902
CVE-2025-42939
CVE-2025-42913
CVE-2025-42903
CVE-2025-31672
CVE-2025-42909
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003