SAP© Security Advisories - 01 2025 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 14 and the highest CVSS score is 9.9.

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

_{Related note}
3502459

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0056] Information Disclosure vulnerability in SAP GUI for Java

Security Advisory

_{Related note}
3472837

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0055] Information Disclosure vulnerability in SAP GUI for Windows

Security Advisory

_{Related note}
3536461

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0053] Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Security Advisory

_{Related note}
3540108

_CVSS
6.3

_{Affected system
type}
Java

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0067] Missing Authorization check in SAP NetWeaver Application Server Java

Security Advisory

_{Related note}
3542533

_CVSS
7.8

_{Affected system
type}
SAPSetup

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0069] DLL Hijacking vulnerability in SAPSetup

Security Advisory

_{Related note}
3542698

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0058] Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow

Security Advisory

_{Related note}
3474398

_CVSS
8.7

_{Affected system
type}
BI/BO platform

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0061] Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform

Security Advisory

_{Related note}
3550674

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0068] Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP

Security Advisory

_{Related note}
3492169

_CVSS
2.2

_{Affected system
type}
BI/BO platform

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
Multiple Buffer overflow vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Crystal Reports for Enterprise)

Security Advisory

_{Related note}
3537476

_CVSS
9.9

_{Affected system
type}
Kernel

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0070] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform

Security Advisory

_{Related note}
3550708

_CVSS
9.9

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0066] Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Framework)

Security Advisory

_{Related note}
3503138

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0059] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

Security Advisory

_{Related note}
3514421

_CVSS
4.8

_{Affected system
type}
Java

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0057] Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)

Security Advisory

_{Related note}
3550816

_CVSS
8.8

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14

Description
[CVE-2025-0063] SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Security Advisory

Notifications

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

Related note 3502459

CVSS 6.0

Affected system type SAP GUI / Frontend

Patchday2025-01

Released on2025/01/14

Related note 3472837

CVSS 6.0

Affected system type SAP GUI / Frontend

Patchday2025-01

Released on2025/01/14

Related note 3536461

CVSS 5.3

Affected system type ABAP

Patchday2025-01

Released on2025/01/14

Related note 3540108

CVSS 6.3

Affected system type Java

Patchday2025-01

Released on2025/01/14

Related note 3542533

CVSS 7.8

Affected system type SAPSetup

Patchday2025-01

Released on2025/01/14

Related note 3542698

CVSS 6.5

Affected system type ABAP

Patchday2025-01

Released on2025/01/14

Related note 3474398

CVSS 8.7

Affected system type BI/BO platform

Patchday2025-01

Released on2025/01/14

Related note 3550674

CVSS 4.3

Affected system type ABAP

Patchday2025-01

Released on2025/01/14

Related note 3492169

CVSS 2.2

Affected system type BI/BO platform

Patchday2025-01

Released on2025/01/14

Related note 3537476

CVSS 9.9

Affected system type Kernel

Patchday2025-01

Released on2025/01/14

Related note 3550708

CVSS 9.9

Affected system type ABAP

Patchday2025-01

Released on2025/01/14

Related note 3503138

CVSS 6.0

Affected system type SAP GUI / Frontend

Patchday2025-01

Released on2025/01/14

Related note 3514421

CVSS 4.8

Affected system type Java

Patchday2025-01

Released on2025/01/14

Related note 3550816

CVSS 8.8

Affected system type ABAP

Patchday2025-01

Released on2025/01/14

_{Related note}
3502459

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3472837

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3536461

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3540108

_CVSS
6.3

_{Affected system
type}
Java

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3542533

_CVSS
7.8

_{Affected system
type}
SAPSetup

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3542698

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3474398

_CVSS
8.7

_{Affected system
type}
BI/BO platform

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3550674

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3492169

_CVSS
2.2

_{Affected system
type}
BI/BO platform

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3537476

_CVSS
9.9

_{Affected system
type}
Kernel

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3550708

_CVSS
9.9

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3503138

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3514421

_CVSS
4.8

_{Affected system
type}
Java

_Patchday
2025-01

_{Released
on}
2025/01/14

_{Related note}
3550816

_CVSS
8.8

_{Affected system
type}
ABAP

_Patchday
2025-01

_{Released
on}
2025/01/14