-
Non-Product Related Assistance
Request for existing cases, user IDs, Portal navigation support and more
SAP Security Patch Day – January 2025
This post shares information on Security Notes that remediate vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on priority to protect their SAP landscape.
On 14th of January 2025, SAP Security Patch Day saw the release of 14 new Security Notes.
Note# | Title | Severity | CVSS |
|---|---|---|---|
[CVE-2025-0070] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform Product- SAP NetWeaver Application Server for ABAP and ABAP Platform, Versions – KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, 8.04, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 7.97, 8.04, 9.12, 9.13, 9.14 | Critical | ||
[CVE-2025-0066] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Framework) Product- SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework), Versions – SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 912, SAP_BASIS 913, SAP_BASIS 914 | Critical | ||
[CVE-2025-0063] SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform Product – SAP NetWeaver AS ABAP and ABAP Platform, Version – SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 | High | ||
[CVE-2025-0061] Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform Additional CVE - CVE-2025-0060 Product- SAP BusinessObjects Business Intelligence Platform, Versions – ENTERPRISE 420, 430, 2025 | High | ||
[CVE-2025-0069] DLL Hijacking vulnerability in SAPSetup Product- SAPSetup, Version – LMSAPSETUP 9.0 | High | ||
[CVE-2025-0058] Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow | Medium | ||
[CVE-2025-0067] Missing Authorization check in SAP NetWeaver Application Server Java Product- SAP NetWeaver Application Server Java, Version – WD-RUNTIME 7.50 | Medium | ||
[CVE-2025-0055] Information Disclosure vulnerability in SAP GUI for Windows Product- SAP GUI for Windows, Versions – BC-FES-GUI 8.0 | Medium | ||
[CVE-2025-0056] Information Disclosure vulnerability in SAP GUI for Java Product- SAP GUI for Java, Versions – BC-FES-JAV 7.80 | Medium | ||
[CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) Product- SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML), Versions – KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12, 9.14 | Medium | ||
[CVE-2025-0053] Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Product- SAP NetWeaver Application Server for ABAP and ABAP Platform, Version – SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 | Medium | ||
[CVE-2025-0057] Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application) | Medium | ||
[CVE-2025-0068] Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP | Medium | ||
Multiple Buffer overflow vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Crystal Reports for Enterprise) Related CVEs - CVE-2024-29131, CVE-2024-29133 | Low | 2.2 |
To know more about the security researchers and research companies who have contributed for security patches of this month, visit here.
SAP is committed to delivering trustworthy products and cloud services. Secure configuration is essential to ensuring secure operation and data integrity. We have therefore documented security recommendations that are consolidated in this document to help you configure the best security for your SAP portfolio.
Archived blogs from previous years are available here.
If you have any comments or feedback about this post, you can write to secure@sap.com.