Summary: SAP has released 14 new security notes addressing critical vulnerabilities, including two with a CVSS score of 9.9, during its January 2025 Patch Day. Organizations are urged to apply these patches promptly to mitigate potential exploitation by threat actors.
Threat Actor: Unknown | unknown
Victim: SAP | SAP
Key Point :
- Two critical vulnerabilities (CVE-2025-0070 and CVE-2025-0066) could allow attackers to steal credentials and read decrypted information.
- A high-severity SQL injection vulnerability (CVE-2025-0063) could lead to data takeover in the Informix database.
- Additional high-severity bugs were identified in the BusinessObjects platform and a DLL hijacking flaw in SAPSetup.
- Organizations should review and apply the security notes to prevent potential exploitation.
Source: https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-netweaver/
Views: 4