Date Posted: 2025/10/20

[Vulnerability Alert] SAP Patches Critical Security Vulnerability in Supplier Relationship Management System (CVE-2025-42910)

  • Subject: [Vulnerability Alert] SAP Patches Critical Security Vulnerability in Supplier Relationship Management System (CVE-2025-42910)
  • Content:
    • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202510-00000007
    • SAP Supplier Relationship Management (SRM) is a system used by enterprises to manage and optimize relationships with suppliers. In its monthly security update, SAP announced that SRM contains one critical security vulnerability (CVE-2025-42910, CVSS: 9.0). The vulnerability stems from a lack of file type or content validation, which allows an authenticated attacker to upload arbitrary files. Successful exploitation may severely impact the confidentiality, integrity, and availability of the application.
  • Affected Platforms:
    • SRMNXP01 versions 100 and 150
  • Recommended Action:
  • References:

Computer and Communications Center
Network Systems Group
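
The alert above attributes the flaw to missing file type or content validation on upload. The sketch below is an added example, not SAP's code or SAP's fix: a server-side check that validates both the declared type and the content and requires them to agree. The allowlist, the size limit and the `validate_upload` name are assumptions made for illustration.

```python
import os
from typing import Tuple

# Allowlist: extension -> leading bytes ("magic") the content must start with.
# Constructed for illustration; a real deployment lists only the types it needs.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Checks file type AND content, and that they agree."""
    # Reject names that carry any path component or a NUL byte.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base != filename or "\x00" in base:
        return False, "unsafe file name"
    stem, ext = os.path.splitext(base.lower())
    # File type validation: only extensions on the allowlist are accepted.
    if ext not in ALLOWED:
        return False, "file type not on allowlist"
    # Strict policy (assumption): no second extension hidden in the stem.
    if "." in stem:
        return False, "multiple extensions"
    if not data or len(data) > MAX_BYTES:
        return False, "empty or oversized content"
    # Content validation: the bytes must match the declared type.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match declared type"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads: (client-supplied name, first bytes of content).
    samples = [
        ("invoice.pdf", b"%PDF-1.7\n"),
        ("page.jsp", b"<html></html>"),
        ("logo.png", b"plain text, not an image"),
        ("invoice.jsp.pdf", b"%PDF-1.7\n"),
        ("../invoice.pdf", b"%PDF-1.7\n"),
    ]
    for name, content in samples:
        print(name, validate_upload(name, content))
```

A leading-bytes check does not prove a file is harmless, so accepted files should still be stored under a server-generated name outside any directory the application server executes or serves from.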