SAP© Security Advisories - 02 2025 - Severity High

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 6 security advices for you to review.

Severity

SAP© Security advisories 6

System Types

Affected SAP© system types

_{Related note}
3563929

_CVSS
7.1

_{Affected system
type}
SAP HANA Platform

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-24868] Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services)

Security Advisory

_{Related note}
3567974

_CVSS
8.1

_{Affected system
type}
SAP Approuter

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-24876] Authentication bypass via authorization code injection in SAP Approuter

Security Advisory

_{Related note}
3525794

_CVSS
8.7

_{Affected system
type}
BI/BO platform

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-0064] Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)

Security Advisory

_{Related note}
3567551

_CVSS
8.6

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-25243] Path traversal vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)

Security Advisory

_{Related note}
3417627

_CVSS
8.8

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2024/02/13

Description
[CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)

Security Advisory

_{Related note}
3567172

_CVSS
7.5

_{Affected system
type}
SAP Enterprise...

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2024-38819] Multiple vulnerabilities in SAP Enterprise Project Connection

Security Advisory

Notifications

Severity

SAP© Security advisories 6

System Types

Affected SAP© system types

Related note 3563929

CVSS 7.1

Affected system type SAP HANA Platform

Patchday2025-02

Released on2025/02/11

Related note 3567974

CVSS 8.1

Affected system type SAP Approuter

Patchday2025-02

Released on2025/02/11

Related note 3525794

CVSS 8.7

Affected system type BI/BO platform

Patchday2025-02

Released on2025/02/11

Related note 3567551

CVSS 8.6

Affected system type Java

Patchday2025-02

Released on2025/02/11

Related note 3417627

CVSS 8.8

Affected system type Java

Patchday2025-02

Released on2024/02/13

Related note 3567172

CVSS 7.5

Affected system type SAP Enterprise...

Patchday2025-02

Released on2025/02/11

_{Related note}
3563929

_CVSS
7.1

_{Affected system
type}
SAP HANA Platform

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3567974

_CVSS
8.1

_{Affected system
type}
SAP Approuter

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3525794

_CVSS
8.7

_{Affected system
type}
BI/BO platform

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3567551

_CVSS
8.6

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3417627

_CVSS
8.8

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2024/02/13

_{Related note}
3567172

_CVSS
7.5

_{Affected system
type}
SAP Enterprise...

_Patchday
2025-02

_{Released
on}
2025/02/11