SAP Security Patch Day Fixes 15 Flaws, Including 3 Injection Vulnerabilities

SAP released critical security updates on August 12, 2025, addressing 15 vulnerabilities across its enterprise software portfolio, with three severe code injection flaws receiving the highest CVSS scores of 9.9. The monthly Security Patch Day also included four updates to previously released security notes, highlighting the company’s ongoing commitment to protecting customer environments against evolving threats.

The most severe vulnerabilities patched this month are three code injection flaws that could allow attackers to execute arbitrary code with elevated privileges. Two new critical vulnerabilities, CVE-2025-42957 affecting SAP S/4HANA and CVE-2025-42950 impacting SAP Landscape Transformation, both received maximum severity ratings. Additionally, SAP updated a previously disclosed code injection vulnerability (CVE-2025-27429) in S/4HANA that was first patched in April 2025.

Read More:

https://gbhackers.com/sap-security-patch-day-fixes/

Skip to content