[VULNERABILITY ALERT] SAP Releases Critical Security Advisories for 2 Products (CVE-2025-42928) (CVE-2025-42880)

• Subject: [VULNERABILITY ALERT] SAP Releases Critical Security Advisories for 2 Products (CVE-2025-42928) (CVE-2025-42880)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202512-00000005
  • [CVE-2025-42928, CVSS: 9.1] This is a deserialization vulnerability. A user with high privileges could exploit this vulnerability to trigger a Remote Code Execution (RCE) attack, affecting the confidentiality, integrity, and availability of the system.
  • [CVE-2025-42880, CVSS: 9.9] Due to a lack of input filtering mechanisms, SAP Solution Manager allows an authenticated attacker to inject malicious code when calling remote-enabled function modules, potentially affecting the confidentiality, integrity, and availability of the system.
• Affected Platforms:
  • [CVE-2025-42928] SAP jConnect - SDK for ASE SYBASE_SOFTWARE_DEVELOPER_KIT versions 16.0.4, 16.1
  • [CVE-2025-42880] SAP Solution Manager ST version 720
• Recommended Actions:
  • Apply patches according to the solutions released on the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html

Computer and Communication Center
Network Systems Division, Respectfully