SAP April 2025 Update Fixes Critical Code Injection Vulnerabilities
gbhackersSAP Security Patch Day has introduced a critical update to address vulnerabilities in SAP products, including high-severity code injection weaknesses.
A total of 18 new Security Notes, along with 2 updates to existing notes, were released to tackle serious risks such as unauthorized access, code injection, and directory traversal.
SAP recommends customers promptly apply these patches to safeguard their systems and ensure the robustness of their SAP landscapes.
Summary of CVEs and Vulnerabilities
The following table provides a detailed overview of the vulnerabilities addressed in the April 2025 update:
| CVE ID | Vulnerability | Affected Product(s) | Priority | CVSS Score |
| CVE-2025-27429 | Code Injection Vulnerability | SAP S/4HANA (Private Cloud) | Critical | 9.9 |
| CVE-2025-31330 | Code Injection Vulnerability | SAP Landscape Transformation (Analysis Platform) | Critical | 9.9 |
| CVE-2025-30016 | Authentication Bypass Vulnerability | SAP Financial Consolidation | Critical | 9.8 |
| CVE-2025-0064 | Improper Authorization (Updated Security Note from February 2025 Patch Day) | SAP BusinessObjects Business Intelligence platform (Central Management ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE