[Vulnerability Alert] SAP Patches Critical Security Vulnerability in Print Service (CVE-2025-42937)

Date Posted: 2025/10/20

Subject: [Vulnerability Alert] SAP Patches Critical Security Vulnerability in Print Service (CVE-2025-42937)

Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202510-00000006
- SAP Print Service is a cloud printing solution that sends documents from the cloud to local printers, offering monitoring and management for print tracking features. A recent SAP monthly update announced one critical security vulnerability (CVE-2025-42937, CVSS: 9.8) in this service. The vulnerability stems from insufficient validation of user-supplied path information, allowing an unauthenticated attacker to traverse directories and overwrite system files.
Affected Platforms:
- SAPSPRINT versions 8.00 and 8.10
Recommended Action:
- Please apply the patch from the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
References:
- https://www.twcert.org.tw/tw/cp-169-10444-360ca-1.html

Computer and Communications Center
Network Systems Group