Summary: SAP has addressed two critical vulnerabilities in its NetWeaver web application server that could lead to privilege escalation and unauthorized access to sensitive information. Alongside these critical fixes, SAP also released patches for 12 additional vulnerabilities rated medium to high severity. The company urges customers to promptly apply these updates to safeguard their SAP environments.
Threat Actor: Unknown | unknown
Victim: SAP customers | SAP customers
Keypoints :
- CVE-2025-0070: Critical vulnerability allowing privilege escalation due to improper authentication.
- CVE-2025-0066: Critical information disclosure vulnerability due to weak access controls.
- CVE-2025-0063: High severity SQL injection vulnerability compromising an Informix database.
- CVE-2025-0061: High severity vulnerabilities in SAP BusinessObjects enabling session hijacking.
- Strong recommendation from SAP for customers to apply patches to protect their systems.