SAP© Security Advisories - 02 2025 - Severity Medium

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Hey there! Glad you made it.
We have found 14 security advices for you to review.

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

_{Related note}
3562336

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-24870] Insecure Key & Secret Management vulnerability in SAP GUI for Windows

Security Advisory

_{Related note}
3287784

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2023/04/11

Description
[CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service

Security Advisory

_{Related note}
3547581

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-23190] Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Security Advisory

_{Related note}
3553753

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-24872] Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)

Security Advisory

_{Related note}
3555364

_CVSS
6.8

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-24875] SameSite Defense in Depth not applied for some cookies in SAP Commerce

Security Advisory

_{Related note}
3540273

_CVSS
5.5

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2024-45216] Multiple vulnerabilities in Apache Solr within SAP Commerce Cloud

Security Advisory

_{Related note}
3559510

_CVSS
6.8

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-24874] Missing Defense in Depth Against Clickjacking in SAP Commerce (Backoffice)

Security Advisory

_{Related note}
3550027

_CVSS
4.3

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-24869] Information Disclosure vulnerability in SAP NetWeaver Application Server Java

Security Advisory

_{Related note}
3561264

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-23193] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP

Security Advisory

_{Related note}
3445708

_CVSS
6.1

_{Affected system
type}
BI/BO platform

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-24867] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad)

Security Advisory

_{Related note}
3546470

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-23187] Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

Security Advisory

_{Related note}
3526203

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-0054] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

Security Advisory

_{Related note}
3532025

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
[CVE-2025-25241] Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)

Security Advisory

_{Related note}
3557138

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2025/02/11

Description
Update 1 to Security Note 3417627 - [CVE-2024-22126] Cross Site Scripting vulnerability in NetWeaver AS Java (User Admin Application)

Security Advisory

Notifications

Severity

SAP© Security advisories 14

System Types

Affected SAP© system types

Related note 3562336

CVSS 6.0

Affected system type SAP GUI / Frontend

Patchday2025-02

Released on2025/02/11

Related note 3287784

CVSS 5.3

Affected system type Java

Patchday2025-02

Released on2023/04/11

Related note 3547581

CVSS 4.3

Affected system type ABAP

Patchday2025-02

Released on2025/02/11

Related note 3553753

CVSS 4.3

Affected system type ABAP

Patchday2025-02

Released on2025/02/11

Related note 3555364

CVSS 6.8

Affected system type SAP Commerce Cloud

Patchday2025-02

Released on2025/02/11

Related note 3540273

CVSS 5.5

Affected system type SAP Commerce Cloud

Patchday2025-02

Released on2025/02/11

Related note 3559510

CVSS 6.8

Affected system type SAP Commerce Cloud

Patchday2025-02

Released on2025/02/11

Related note 3550027

CVSS 4.3

Affected system type Java

Patchday2025-02

Released on2025/02/11

Related note 3561264

CVSS 5.3

Affected system type ABAP

Patchday2025-02

Released on2025/02/11

Related note 3445708

CVSS 6.1

Affected system type BI/BO platform

Patchday2025-02

Released on2025/02/11

Related note 3546470

CVSS 5.3

Affected system type ABAP

Patchday2025-02

Released on2025/02/11

Related note 3526203

CVSS 5.4

Affected system type Java

Patchday2025-02

Released on2025/02/11

Related note 3532025

CVSS 5.4

Affected system type ABAP

Patchday2025-02

Released on2025/02/11

Related note 3557138

CVSS 6.1

Affected system type Java

Patchday2025-02

Released on2025/02/11

_{Related note}
3562336

_CVSS
6.0

_{Affected system
type}
SAP GUI / Frontend

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3287784

_CVSS
5.3

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2023/04/11

_{Related note}
3547581

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3553753

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3555364

_CVSS
6.8

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3540273

_CVSS
5.5

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3559510

_CVSS
6.8

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3550027

_CVSS
4.3

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3561264

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3445708

_CVSS
6.1

_{Affected system
type}
BI/BO platform

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3546470

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3526203

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3532025

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2025-02

_{Released
on}
2025/02/11

_{Related note}
3557138

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2025-02

_{Released
on}
2025/02/11