Summary: SAP has released 14 new security notes addressing critical and high-severity vulnerabilities in its core systems, including NetWeaver and BusinessObjects. Notably, two critical vulnerabilities, CVE-2025-0070 and CVE-2025-0066, pose significant risks, allowing unauthorized access and potential privilege escalation. SAP urges customers to apply the patches promptly to safeguard their systems against potential threats.
Threat Actor: Unknown
Victim: SAP
Key points:
- 14 new security notes released during SAP’s monthly Security Patch Day.
- CVE-2025-0070 and CVE-2025-0066 are critical vulnerabilities with a CVSS score of 9.9.
- Other notable vulnerabilities include SQL injection in SAP NetWeaver and session hijacking in SAP BusinessObjects.
- SAP recommends immediate patch application to mitigate risks.