Post Date: 2025/06/12
【Vulnerability Alert】SAP Patches Major Security Vulnerability in NetWeaver ABAP Application Server (CVE-2025-42989)
- Content:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202506-00000007
- SAP has issued a security announcement for a major vulnerability (CVE-2025-42989, CVSS: 9.6) in its NetWeaver ABAP Application Server product. The vulnerability lies in SAP Remote Function Call (RFC) processing and allows an authenticated attacker to bypass checking procedures, leading to privilege escalation. Successful exploitation would severely impact the integrity and availability of the application.
- Affected Platforms:
- KERNEL versions 7.89, 7.93, 9.14, 9.15
- Suggested Measures:
- Please apply the patch from the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
- References:
Computer and Communications Center
Network Systems Division