{"uuid": "43ff9e04-da8f-45fe-a06a-e8f9b84a2d14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "SAP Security Patch Day - September 2025", "description": "# SAP Security Patch Day - September 2025\n[3634501](https://me.sap.com/notes/3634501)\n\n\\[[CVE-2025-42944](https://www.cve.org/CVERecord?id=CVE-2025-42944)\\]\u00a0**Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)**\n\nProduct\u00a0- SAP Netweaver (RMI-P4)  \nVersion - SERVERCORE 7.50\n\nCritical\n\n[10.0](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n[3643865](https://me.sap.com/notes/3643865)\n\n\\[[CVE-2025-42922](https://www.cve.org/CVERecord?id=CVE-2025-42922)\\]\u00a0**Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)**\n\nProduct\u00a0- SAP NetWeaver AS Java (Deploy Web Service)  \nVersion - J2EE-APPS 7.50\n\nCritical\n\n[9.9](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\n[3302162](https://me.sap.com/notes/3302162)\n\n**_Update to Security Note released on March 2023 Patch Day:_**\n\n\\[[CVE-2023-27500](https://www.cve.org/CVERecord?id=CVE-2023-27500)\\]\u00a0**Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform**\n\nProduct \u2013 SAP NetWeaver AS for ABAP and ABAP Platform  \nVersion \u2013 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757\n\nCritical\n\n[9.6](https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)\n\n[3627373](https://me.sap.com/notes/3627373)\n\n\\[[CVE-2025-42958](https://www.cve.org/CVERecord?id=CVE-2025-42958)\\]\u00a0**Missing Authentication check in SAP NetWeaver**\n\nProduct\u00a0- SAP NetWeaver  \nVersion - KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 
7.54\n\nCritical\n\n[9.1](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\n[3642961](https://me.sap.com/notes/3642961)\n\n\\[[CVE-2025-42933](https://www.cve.org/CVERecord?id=CVE-2025-42933)\\]\u00a0**Insecure Storage of Sensitive Information in SAP Business One (SLD)**\n\nProduct\u00a0- SAP Business One (SLD)  \nVersion - B1\\_ON\\_HANA 10.0, SAP-M-BO 10.0\n\nHigh\n\n[8.8](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n[3633002](https://me.sap.com/notes/3633002)\n\n\\[[CVE-2025-42929](https://www.cve.org/CVERecord?id=CVE-2025-42929)\\]\u00a0**Missing input validation vulnerability in SAP Landscape Transformation Replication Server**\n\nProduct\u00a0- SAP Landscape Transformation Replication Server  \nVersion - DMIS 2011\\_1\\_620, 2011\\_1\\_640, 2011\\_1\\_700, 2011\\_1\\_710, 2011\\_1\\_730, 2011\\_1\\_731, 2011\\_1\\_752, 2020\n\nHigh\n\n[8.1](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H)\n\n[3635475](https://me.sap.com/notes/3635475)\n\n\\[[CVE-2025-42916](https://www.cve.org/CVERecord?id=CVE-2025-42916)\\]\u00a0**Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise)**\n\nProduct\u00a0- SAP S/4HANA (Private Cloud or On-Premise)  \nVersion - S4CORE 102, 103, 104, 105, 106, 107, 108\n\nHigh\n\n[8.1](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H)\n\n[3581811](https://me.sap.com/notes/3581811)\n\n**_Update to Security Note released on April 2025 Patch Day:_**\n\n\\[[CVE-2025-27428](https://www.cve.org/CVERecord?id=CVE-2025-27428)\\]\u00a0**Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)**  \nProduct\u00a0- SAP NetWeaver and ABAP Platform (Service Data Collection)  \nVersion - ST-PI 2008\\_1\\_700, 2008\\_1\\_710, 
740\n\nHigh\n\n[7.7](https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\n[3620264](https://me.sap.com/notes/3620264)\n\n\\[[CVE-2025-22228](https://www.cve.org/CVERecord?id=CVE-2025-22228)\\]\u00a0**Security Misconfiguration vulnerability in Spring security within SAP Commerce Cloud and SAP Datahub**\n\nProduct\u00a0- SAP Commerce Cloud and SAP Datahub  \nVersion - HY\\_COM 2205, HY\\_DHUB 2205, COM\\_CLOUD 2211, DHUB\\_CLOUD 2211\n\nMedium\n\n[6.6](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n[3614067](https://me.sap.com/notes/3614067)\n\n\\[[CVE-2025-42930](https://www.cve.org/CVERecord?id=CVE-2025-42930)\\]\u00a0**Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation**\n\nProduct\u00a0- SAP Business Planning and Consolidation  \nVersion - BPC4HANA 200, 300, SAP\\_BW 750, 751, 752, 753, 754, 755, 756, 757, 758, 816, 914, CPMBPC 810\n\nMedium\n\n[6.5](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n[3635587](https://me.sap.com/notes/3635587)\n\n\\[[CVE-2025-42912](https://www.cve.org/CVERecord?id=CVE-2025-42912)\\]\u00a0**Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)**\n\nAdditional CVEs - [CVE-2025-42913](https://www.cve.org/CVERecord?id=CVE-2025-42913), [CVE-2025-42914](https://www.cve.org/CVERecord?id=CVE-2025-42914)\n\nProduct\u00a0- SAP HCM (My Timesheet Fiori 2.0 application)  \nVersion - GBX01HR5 605\n\nMedium\n\n[6.5](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n[3643832](https://me.sap.com/notes/3643832)\n\n\\[[CVE-2025-42917](https://www.cve.org/CVERecord?id=CVE-2025-42917)\\]\u00a0**Missing Authorization check in SAP HCM (Approve Timesheets Fiori 2.0 application)**\n\nProduct\u00a0- SAP HCM (Approve Timesheets Fiori 2.0 application)  \nVersion - GBX01HR5 
605\n\nMedium\n\n[6.5](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n[3611420](https://me.sap.com/notes/3611420)\n\n\\[[CVE-2023-5072](https://www.cve.org/CVERecord?id=CVE-2023-5072)\\]\u00a0**Denial of Service (DoS) vulnerability due to outdated JSON library used in SAP BusinessObjects Business Intelligence Platform**\n\nProduct\u00a0- SAP BusinessObjects Business Intelligence Platform  \nVersion - ENTERPRISE 430, 2025, 2027\n\nMedium\n\n[6.5](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n[3647098](https://me.sap.com/notes/3647098)\n\n\\[[CVE-2025-42920](https://www.cve.org/CVERecord?id=CVE-2025-42920)\\]\u00a0**Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management**\n\nProduct\u00a0- SAP Supplier Relationship Management  \nVersion \u2013 SRM\\_SERVER 700, 701, 702, 713, 714\n\nMedium\n\n[6.1](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n[3629325](https://me.sap.com/notes/3629325)\n\n\\[[CVE-2025-42938](https://www.cve.org/CVERecord?id=CVE-2025-42938)\\]\u00a0**Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform**\n\nProduct\u00a0- SAP NetWeaver ABAP Platform  \nVersion - S4CRM 100, 200, 204, 205, 206, S4CEXT 109, BBPCRM 713, 714\n\nMedium\n\n[6.1](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n[3409013](https://me.sap.com/notes/3409013)\n\n\\[[CVE-2025-42915](https://www.cve.org/CVERecord?id=CVE-2025-42915)\\]\u00a0**Missing Authorization Check in Fiori app (Manage Payment Blocks)**\n\nProduct\u00a0- Fiori app (Manage Payment Blocks)  \nVersion - S4CORE 107, 108\n\nMedium\n\n[5.4](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\n[3619465](https://me.sap.com/notes/3619465)\n\n\\[[CVE-2025-42926](https://www.cve.org/CVERecord?id=CVE-2025-42926)\\]\u00a0**Missing Authentication check in SAP NetWeaver 
Application Server Java**\n\nProduct\u00a0- SAP NetWeaver Application Server Java  \nVersion - WD-RUNTIME 7.50\n\nMedium\n\n[5.3](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n[3627644](https://me.sap.com/notes/3627644)\n\n\\[[CVE-2025-42911](https://www.cve.org/CVERecord?id=CVE-2025-42911)\\]\u00a0**Missing Authorization check in SAP NetWeaver (Service Data Download)**\n\nProduct\u00a0- SAP NetWeaver (Service Data Download)  \nVersion - SAP\\_BASIS 700, SAP\\_BASIS 701, SAP\\_BASIS 702, SAP\\_BASIS 731, SAP\\_BASIS 740, SAP\\_BASIS 750, SAP\\_BASIS 751, SAP\\_BASIS 752, SAP\\_BASIS 753, SAP\\_BASIS 754, SAP\\_BASIS 755, SAP\\_BASIS 756, SAP\\_BASIS 757, SAP\\_BASIS 758, SAP\\_BASIS 816\n\nMedium\n\n[5.0](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\n[3610322](https://me.sap.com/notes/3610322)\n\n**_Update to Security Note released on July 2025 Patch Day:_**\n\n\\[[CVE-2025-42961](https://www.cve.org/CVERecord?id=CVE-2025-42961)\\]\u00a0**Missing Authorization check in SAP NetWeaver Application Server for ABAP**\n\nProduct\u00a0- SAP NetWeaver Application Server for ABAP  \nVersion \u2013 SAP\\_BASIS 700, SAP\\_BASIS 701, SAP\\_BASIS 702, SAP\\_BASIS 731, SAP\\_BASIS 740, SAP\\_BASIS 750, SAP\\_BASIS 751, SAP\\_BASIS 752, SAP\\_BASIS 753, SAP\\_BASIS 754, SAP\\_BASIS 755, SAP\\_BASIS 756, SAP\\_BASIS 757, SAP\\_BASIS 758, SAP\\_BASIS 816\n\nMedium\n\n[4.9](https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\n[3640477](https://me.sap.com/notes/3640477)\n\n\\[[CVE-2025-42925](https://www.cve.org/CVERecord?id=CVE-2025-42925)\\]\u00a0**Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)**\n\nProduct\u00a0- SAP NetWeaver AS Java (IIOP Service)  \nVersion \u2013 SERVERCORE 
7.50\n\nMedium\n\n[4.3](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n[3450692](https://me.sap.com/notes/3450692)\n\n\\[[CVE-2025-42923](https://www.cve.org/CVERecord?id=CVE-2025-42923)\\]\u00a0**Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups)**\n\nProduct\u00a0- SAP Fiori App (F4044 Manage Work Center Groups)  \nVersion - UIS4HOP1 600, 700, 800, 900\n\nMedium\n\n[4.3](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n[3623504](https://me.sap.com/notes/3623504)\n\n\\[[CVE-2025-42918](https://www.cve.org/CVERecord?id=CVE-2025-42918)\\]\u00a0**Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)**\n\nProduct\u00a0- SAP NetWeaver Application Server for ABAP (Background Processing)  \nVersion - SAP\\_BASIS 700, SAP\\_BASIS 701, SAP\\_BASIS 702, SAP\\_BASIS 731, SAP\\_BASIS 740, SAP\\_BASIS 750, SAP\\_BASIS 751, SAP\\_BASIS 752, SAP\\_BASIS 753, SAP\\_BASIS 754, SAP\\_BASIS 755, SAP\\_BASIS 756, SAP\\_BASIS 757, SAP\\_BASIS 758, SAP\\_BASIS 816\n\nMedium\n\n[4.3](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n[3577131](https://me.sap.com/notes/3577131)\n\n**_Update to Security Note released on April 2025 Patch Day:_**\n\n\\[[CVE-2025-31331](https://www.cve.org/CVERecord?id=CVE-2025-31331)\\]\u00a0**Authorization Bypass vulnerability in SAP NetWeaver**\n\nProduct\u00a0\\- SAP NetWeaver  \nVersion - SAP\\_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, 75I\n\nMedium\n\n[4.3](https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n[3624943](https://me.sap.com/notes/3624943)\n\n**_Update to Security Note released on August 2025 Patch Day:_**\n\n\\[[CVE-2025-42941](https://www.cve.org/CVERecord?id=CVE-2025-42941)\\]\u00a0**Reverse Tabnabbing vulnerability in SAP Fiori 
(Launchpad)**\n\nProduct\u00a0\\- SAP Fiori (Launchpad)  \nVersion - SAP\\_UI 754\n\nLow\n\n[3.5](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N)\n\n[3525295](https://me.sap.com/notes/3525295)\n\n\\[[CVE-2025-42927](https://www.cve.org/CVERecord?id=CVE-2025-42927)\\]\u00a0**Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service)**\n\nProduct\u00a0- SAP NetWeaver AS Java (Adobe Document Service)  \nVersion - ADSSAP 7.50\n\nLow\n\n[3.4](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)\n\n[3632154](https://me.sap.com/notes/3632154)\n\n\\[[CVE-2024-13009](https://www.cve.org/CVERecord?id=CVE-2024-13009)\\]\u00a0**Potential Improper Resource Release vulnerability in SAP Commerce Cloud**\n\nProduct\u00a0- SAP Commerce Cloud  \nVersion - HY\\_COM 2205, COM\\_CLOUD 2211\n\nLow\n\n[3.1](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)", "creation_timestamp": "2025-09-11T13:37:23.512990+00:00", "timestamp": "2025-09-11T13:37:23.512990+00:00", "related_vulnerabilities": ["CVE-2025-42961", "CVE-2025-42917", "CVE-2025-42923", "CVE-2025-42915", "CVE-2025-42918", "CVE-2025-42958", "CVE-2025-42916", "CVE-2025-22228", "CVE-2025-42930", "CVE-2025-42938", "CVE-2025-42927", "CVE-2025-27428", "CVE-2023-27500", "CVE-2025-42926", "CVE-2024-13009", "CVE-2025-42913", "CVE-2025-42933", "CVE-2025-42922", "CVE-2025-42944", "CVE-2025-42929", "CVE-2025-42911", "CVE-2025-42912", "CVE-2025-42941", "CVE-2025-42914", "CVE-2025-31331", "CVE-2025-42925", "CVE-2025-42920", "CVE-2023-5072"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}
