[Vulnerability Alert] SAP Patches Critical Security Vulnerability in Print Service (CVE-2025-42937)

• Subject: [Vulnerability Alert] SAP Patches Critical Security Vulnerability in Print Service (CVE-2025-42937)

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202510-00000006
  • SAP Print Service is a cloud printing solution that sends documents from the cloud to local printers, offering monitoring and management for print tracking features. A recent SAP monthly update announced one critical security vulnerability (CVE-2025-42937, CVSS: 9.8) in this service. The vulnerability stems from insufficient validation of user-supplied path information, allowing an unauthenticated attacker to traverse directories and overwrite system files.
• Affected Platforms:
  • SAPSPRINT versions 8.00 and 8.10
• Recommended Action:
  • Please apply the patch from the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
• References:
  • https://www.twcert.org.tw/tw/cp-169-10444-360ca-1.html

Computer and Communications Center
Network Systems Group