hendryadrian.com (Focus Mode)

Summary: SAP has released 14 new security notes addressing critical and high-severity vulnerabilities in its core systems, including NetWeaver and BusinessObjects. Notably, two critical vulnerabilities, CVE-2025-0070 and CVE-2025-0066, pose significant risks, allowing unauthorized access and potential privilege escalation. SAP urges customers to apply the patches promptly to safeguard their systems against potential threats.

Threat Actor: Unknown | unknown
Victim: SAP | SAP

Keypoints :

14 new security notes released during SAP’s monthly Security Patch Day.
CVE-2025-0070 and CVE-2025-0066 are critical vulnerabilities with a CVSS score of 9.9.
Other notable vulnerabilities include SQL injection in SAP NetWeaver and session hijacking in SAP BusinessObjects.
SAP recommends immediate patch application to mitigate risks.

Source: https://securityonline.info/critical-sap-flaws-revealed-cve-2025-0070-and-cve-2025-0066-with-cvss-9-9-demand-immediate-action/