Posting date: 2025/08/19

【Vulnerability Alert】SAP has issued a major security advisory for multiple products

  • Subject: 【Vulnerability Alert】SAP has issued a major security advisory for multiple products
  • Details:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202508-00000009
    • 【CVE-2025-42957, CVSS: 9.9】 A vulnerability in SAP S/4HANA and SAP SCM Characteristic Propagation allows an attacker with user privileges to exploit an RFC-exposed function module to inject arbitrary ABAP code into the system, bypassing necessary authorization checks.
    • 【CVE-2025-42950, CVSS: 9.9】 A vulnerability in SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit an RFC-exposed function module to inject arbitrary ABAP code into the system, bypassing necessary authorization checks.
    • 【CVE-2025-42951, CVSS: 8.8】 An authorization vulnerability exists in SAP Business One (SLD), allowing an authenticated attacker to obtain administrator privileges for the database by calling the corresponding API.
  • Affected Platforms:
    • SAP S/4HANA (Private Cloud or On-Premise) S4CORE versions 102, 103, 104, 105, 106, 107, 108
    • SAP Landscape Transformation (Analysis Platform) DMIS versions 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
    • SAP Business One (SLD) B1_ON_HANA version 10.0, SAP-M-BO version 10.0
  • Recommended Actions:
  • References:

Regards,
Computer and Communications Center
Network Systems Group